WhatsApp is urging its 1.5 billion users to update their apps following the discovery of a security bug that allows hackers to remotely install spyware on users' smartphones.
According to The Guardian (opens in new tab), the spyware is "capable of trawling through calls, texts and other data, activating the phone’s camera and microphone and performing other malicious activities", and is installed through an infected WhatsApp call.
A spokesperson for WhatsApp has said that the company "encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices".
"We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users.”
- Avoid the block - see how to use WhatsApp in China
Have I been affected?
WhatsApp, which is owned by Facebook, hasn't confirmed how many user accounts have been affected by the hack, but so far a few targets, including a "UK-based human rights lawyer and an Amnesty International researcher, have been identified", says the Guardian.
WhatsApp has confirmed that the attackers were "able to install spyware through WhatsApp's voice call function, even if the user did not pick up the call", according to Sky News (opens in new tab).
So, if you haven't received a WhatsApp voice call from an unknown number or a call that's been dropped, you're probably safe – right now there's no way to tell for sure if your account has been hacked.
However, the attack appears to have been targeted at those who work in industries that handle sensitive information, like lawyers and journalists; therefore if you use WhatsApp for work correspondence, you should be especially vigilant.
How to check if you have the latest version of WhatsApp
Whatever you use WhatsApp for, you should update the app to the latest version as soon as possible.
If you're using an Android phone, you can check whether you have the latest version of the app, as WhatsApp lists the most recent version on its website. The latest version of WhatsApp on Android is 2.19.134.
If you're using an iPhone, the latest version of WhatsApp for iOS is 2.19.51.
How to update WhatsApp on Android
To update WhatsApp on Android, you need to first open the Google Play Store, and click on the menu in the top left-hand corner of the screen.
Then, select 'My Apps & Games', where WhatsApp will appear in a list of your apps – if it's already been updated to the latest version, the button next to it will say 'Open'.
If the app needs to be updated, the button will say 'Update' – click on this to install the latest version of WhatsApp for Android.
How to update WhatsApp for iOS
If you have an iPhone or iPad, you'll need to head to the App Store, where any available updates will be displayed in the 'Updates' section.
If WhatsApp has already been updated to the latest version, it will simply appear in a list of your apps with a button that says 'Open'
If the app needs to be updated, the button will say 'Update' – click on this to install the latest version of WhatsApp for iOS.
Who's behind the WhatsApp attack?
The Financial Time (opens in new tab)s has reported that an Israeli cyber intelligence company called NSO Group created the spyware.
Sky News (opens in new tab) reports that "NSO Group claims its technology, known as Pegasus, is only used by intelligence and law enforcement agencies", but that "human rights organizations have claimed that many of the state agencies it works with are repressive and often target their lawyers and activists".
In a statement, the company said that its technology is "licensed to authorized government agencies for the sole purpose of fighting crime and terror"
"The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.
"Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organization."