WhatsApp has urged all its 1,5 billion users to update their app with immediate effect as a result of a vulnerability. This comes after hackers were able to remotely install surveillance software on WhatsApp users phones because of a major vulnerability on WhatsApp.

In a statement, WhatsApp has said that the cyber attack was orchestrated by an "advanced cyber actor" and it only affected a select number of users. Despite this, they have urged all users to update their messaging app to patch the vulnerability.

"A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number," reads a security advisory by WhatsApp.

Cyber arms dealers

It has emerged that the software used to exploit the vulnerability was developed by Israeli security firm NSO Group. The Israeli-based American-owned company develops what it calls tools against crime and terrorism, however, some cyber security experts have labelled them cyber arms dealers based on their reputation.

What is interesting is that the exploit involved using WhatsApp's voice calling function. Once a target's phone was ringing, even if they don't pick up the call, the surveillance software would be installed. Once installed, the call will disappear from the victims WhatsApp call logs.

This raises questions of privacy regarding WhatsApp which has stated numerous times that it is not only secure, but is end-to-end encrypted.


Cover image credit: Rachit Tank/Unsplash Share this article via: