WhatsApp has urged its 1.5 billion users globally to update their app to protect against “potential targeted exploits” after it discovered a vulnerability that allows spyware to be installed on users’ phone.
The Facebook-ownedcompany said it had, earlier this month, identified and promptly fixed avulnerability that could enable an attacker to insert and execute code onmobile devices. It has also made changes to its infrastructure to deny theability for this attack to take place, it added.
Without naming the attacker, WhatsApp said the attack hasall the hallmarks of a private company that reportedly works with governmentsto deliver spyware, which takes over the functions of mobile phone operatingsystems.
In an emailed statement, a WhatsApp spokesperson said thecompany encourages people to upgrade to the latest version of its app, and tokeep their mobile operating system up-to-date.
“(This will help) protect against potential targetedexploits designed to compromise information stored on mobile devices. We areconstantly working alongside industry partners to provide the latest securityenhancements to help protect our users,” the spokesperson added.
According to reports, the spyware was allegedly developed byIsraeli cyber intelligence company NSO Group. The vulnerability allowedinstallation of spyware on the device through a WhatsApp voice call –irrespective of whether the call was answered or not.
WhatsApp – which is end-to-end encrypted – did not discloseof the number of people that may have been affected by the vulnerability. Indiahas the largest base of WhatsApp users globally with well over 200 millionusers.The company said it has launched aninvestigation into the matter, and has also provided information to US lawenforcement agencies to help them conduct an investigation.