According to the article in the Financial Times by Mehul Srivastava in May 2019, a company called the NSO group in Israel has developed software (called Pegasus) that can breach iPhone and Android security simply through leaving a missed call on WhatsApp. This then allows software to be installed on the device that ultimately hijacks the entire phone, allowing most of the features on the compromised device (like camera, email, contact list, browsing history etc.) to be accessed by an attacker.
This exploit potentially makes about 1.5 billion users in over 180 countries around the world that use WhatsApp vulnerable to malicious attacks or compromised personal information.
The NSO group sells this software to governments and law enforcement agencies around the world as an essential tool for law enforcement, and claims to not be aware of any abuse of the software. However, The Citizens Lab at the University of Toronto have identified a total of 45 countries where operators may be conducting surveillance operations using this Pegasus Software.
WhatsApp Fix Released
WhatsApp have released a fix, but this relies on users updating the software on their mobile devices. While it is recommended that users update their Apps at least monthly or allow the Apps to be updated automatically, this can be burdensome and therefore users often neglect to apply essential updates. It is quite likely that less than half the number of devices that use WhatsApp were updated in the week following the announcement of the WhatsApp Exploit
If you have not yet updated your devices, then there is one thing that you must do today, and that is to update WhatsApp on all your mobile devices.
In order to apply to update, the procedure for updating WhatsApp is as follows:
- Open the iTunes AppStore on your device
- Tap the Updates icon at the bottom of the screen
- Scroll down to find WhatsApp in the list of applications
- Click Update
- Open the Google Store App
- Tap menu > My apps & games
- Find the WhatsApp App
- Tap More
- Check the box next to “Enable auto Update”
For more information, there are a number of links in this text and there is an interesting podcast from WordFence on this topic.
There always will be new vulnerabilities and potential exploits in the software that we use. Software developers and security experts are continually testing their software and fixing any issues that they may find. It therefore is essential that you keep your software applications up to date on your mobile or desktop devices.
This applies equally to WordPress where the popularity of the content management system makes it an ideal target for malware developers. Website owners therefore need to be vigilant of changes on their site and they need to keep their CMS, theme and plugins up to date.
Companies like ABC Digital offer WordPress Maintenance services to ensure that clients’ website infrastructure is kept up to date and is as secure as possible. Check out our website for more information on the services that we offer.