Geraldine Strawbridge

Geraldine Strawbridge is a graduate from the University of Glasgow. As the Editor of Cyber Radio, Geraldine is focused on delivering the latest cyber security news whilst making cyber security more relatable to people in their everyday lives.

WhatsApp has urged users to update their apps following the discovery of a security bug that allows hackers to remotely install spyware on users’ smartphones.

The attackers were able to install spyware through WhatsApp’s voice call function. This is active on the user’s phone, regardless of whether they answer the call or not.

The spyware can then trawl through calls, texts and other data, activating the phone’s camera and microphone whilst performing other malicious activities.

The Facebook owned company, confirmed that the attack bears all the hallmarks of a private surveillance firm which reportedly works with governments to deliver spyware that takes over a phone’s operating system.

According to the Financial Times, the spyware was developed by a secretive Israeli spyware company known as the NSO Group. Their Pegasus software has been used in previous attacks against human rights activists. However, the company has strenuously denied having anything to do with the WhatsApp hack.

A spokesperson from NSO said: “Our technology is licensed to authorized government agencies for the sole purpose of fighting crime and terror”

“The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.

“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organization.”

Are you affected by the WhatsApp Hack?

The number of people affected by the attack is not yet known. Despite having a global customer base of 1.5 billion people, it’s thought that only a few targets, including a UK-based human rights lawyer and an Amnesty International researcher, have been directly impacted by the attack.

If you haven’t received a WhatsApp voice call from an unknown number or had a missed call, it’s unlikely you are affected. However, due to the secretive nature of the spyware, there’s no way of knowing for sure if your account has been hacked.

Is the issue resolved?

As soon as WhatsApp discovered the security flaw, they immediately issued a patch to fix the problem. They have since urged users to update their app to the latest version to prevent their phone from being compromised.