WhatsApp urges users to update to latest version as Irish regulator warned of 'major security vulnerability'
News

WhatsApp urges users to update to latest version as Irish regulator warned of 'major security vulnerability'

WHATSAPP users have been urged to update the platform as soon as possible following the discovery of a major security vulnerability that allows hackers to install malicious spyware on their smartphones.

The Facebook-owned messaging app informed its lead regulator in the EU, Ireland's Data Protection Commissioner (DPC), of the serious flaw in its code late on Monday after it was discovered earlier this month.

The vulnerability lets attackers install surveillance software on both iPhone and Android devices by ringing up targets using WhatsApp's call function, after which victims' communications and even locations can be tracked.

"The DPC understands that the vulnerability may have enabled a malicious actor to install unauthorised software and gain access to personal data on devices which have WhatsApp installed," the regulator said in a statement.

"WhatsApp are still investigating as to whether any WhatsApp EU user data has been affected as a result of this incident."

WhatsApp said it made changes to its code late last week to block the attacks from taking place, but that only a select number of users appeared to have been targeted using the vulnerability by an advanced cyber actor.

Advertisement

The platform added that it was deeply concerned about the abuse of such capabilities and is also urging users to update their apps out of caution.

"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," a WhatsApp spokeswoman said on Tuesday.

The messaging app, which is used by 1.5 billion people worldwide, has also alerted US law enforcement to the issue.

The exploit – developed originally by the secretive Israeli cybersecurity and intelligence firm NSO Group – can be transmitted even if users do not answer their phones, and the offending calls often disappear from call logs.