Skip to main content

Update WhatsApp! Sophisticated attack installs spyware with just a call

WhatsApp is advising its users to update the app following the discovery of a security flaw that enabled surveillance software to be placed on a target’s phone via the app’s call feature.

The sophisticated spyware, called Pegasus, was developed by Israeli security firm NSO Group and discovered by WhatsApp earlier this month, according to a Financial Times (FT) report on Monday, May 13.

The software could be installed on Android and iPhone handsets simply by calling the targeted person through WhatsApp. In other words, it could be injected even if the call wasn’t answered. Call logs would even disappear from the target’s device, erasing any evidence that their phone had been tampered with.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” WhatsApp said in comments reported by the FT, though the Facebook-owned company declined to give any specific names.

WhatsApp said it’s still investigating the matter and it was too early to say how many users had been impacted by the spyware, suggesting only that it was a “select number” of people.

The vulnerability has been fixed through changes to WhatsApp’s owned systems, but as a precautionary measure, the company told users to check that they’re running the latest version of the app on their devices. It also advised users to make sure their mobile operating system is up to date to ensure proper protection against potential targeted exploits designed to access information stored on mobile devices.

Pegasus

The Pegasus spyware is usually licensed to governments who use it to gain access to the devices of individuals targeted in investigations.

In a statement, NSO Group said its technology is used by “authorized government agencies for the sole purpose of fighting crime and terror. The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions.”

The company said it always investigates any “credible allegations of misuse and if necessary, we take action, including shutting down the system.”

It added: “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organization.”

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
WhatsApp finally lets you edit sent messages. Here’s how to do it
WhatsApp logo on a phone.

WhatsApp has announced a much-requested edit feature that lets you alter a message within 15 minutes of sending it.

“From correcting a simple misspelling to adding extra context to a message, we’re excited to bring you more control over your chats,” Meta-owned WhatsApp said in a blog post introducing the handy feature.

Read more
How to make a GIF from a YouTube video
woman sitting and using laptop

Sometimes, whether you're chatting with friends or posting on social media, words just aren't enough -- you need a GIF to fully convey your feelings. If there's a moment from a YouTube video that you want to snip into a GIF, the good news is that you don't need complex software to so it. There are now a bunch of ways to make a GIF from a YouTube video right in your browser.

If you want to use desktop software like Photoshop to make a GIF, then you'll need to download the YouTube video first before you can start making a GIF. However, if you don't want to go through that bother then there are several ways you can make a GIF right in your browser, without the need to download anything. That's ideal if you're working with a low-specced laptop or on a phone, as all the processing to make the GIF is done in the cloud rather than on your machine. With these options you can make quick and fun GIFs from YouTube videos in just a few minutes.
Use GIFs.com for great customization
Step 1: Find the YouTube video that you want to turn into a GIF (perhaps a NASA archive?) and copy its URL.

Read more
I paid Meta to ‘verify’ me — here’s what actually happened
An Instagram profile on an iPhone.

In the fall of 2023 I decided to do a little experiment in the height of the “blue check” hysteria. Twitter had shifted from verifying accounts based (more or less) on merit or importance and instead would let users pay for a blue checkmark. That obviously went (and still goes) badly. Meanwhile, Meta opened its own verification service earlier in the year, called Meta Verified.

Mostly aimed at “creators,” Meta Verified costs $15 a month and helps you “establish your account authenticity and help[s] your community know it’s the real us with a verified badge." It also gives you “proactive account protection” to help fight impersonation by (in part) requiring you to use two-factor authentication. You’ll also get direct account support “from a real person,” and exclusive features like stickers and stars.

Read more