According to the Financial Times, a vulnerability was discovered in WhatsApp. The vulnerability is being exploited to inject commercial spyware called Pegasus onto Android and iOS devices. How? By calling the target. The scary part is that the call doesn’t even have to be answered. Developed by the NSO Group, Pegasus can be installed without a single trace, according to security researchers.
What happens if my phone is infected with Pegasus?
Well, it’s not pretty. Once Pegasus is installed, it can turn on a phone’s camera and mic, and scan emails and messages. It can also collect your location data. Needless to say, WhatsApp is emphasizing that every one of its 1.5 billion global users should update the app immediately to close the security hole.
Thus far, the vulnerability exists in versions of WhatsApp prior to v2.19.134 and v2.19.44 for Android. For iOS, if you’re on a version prior to v2.19.51 of either WhatsApp or WhatsApp Business, you are susceptible to attack. In addition, WhatsApp for Windows Phone prior to v2.18.348 and WhatsApp for Tizen prior to v2.18.15 are also at risk.
There’s a major plot twist with Pegasus
While it looks like the NSO Group is the culprit behind Pegasus, the story is only partially true. Pegasus is developed by NSO Group, an Israeli technology firm focused on cyber intelligence. The software is primarily sold to governments and law enforcement agencies to help fight terrorism and crime.
Unfortunately, NSO’s hard work has also been used by countries, organizations, and individuals for nefarious purposes. The vulnerability in WhatsApp, discovered in early May, was targeted as recently as Sunday, when a UK-based human rights lawyer was attacked with Pegasus, according to researchers at Citizen Lab. Fortunately, the attack was blocked by WhatsApp.
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” said WhatsApp in a statement provided to The Financial Times. “We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society.”
Pegasus has flown before
This isn’t the first time that Pegasus has been in the spotlight, though. In 2016, NSO spyware was implicated in an attack on an Emirati human rights activist by the name of Ahmed Mansoor. Later, in 2018, Pegasus was aimed at prominent TV journalist Carmen Aristegui and 11 others while they were investigating a scandal involving the Mexican President.
According to researchers, Pegasus has been used by as many as 45 countries to aid in the persecution of dissidents, journalists, and other innocent civilians.
Should I be worried about Pegasus?
While there seem to be no reports of any hacked devices in Sri Lanka, that doesn’t mean that there is no threat. We recommend that you update your version of WhatsApp as soon as possible. You can find the latest versions of WhatsApp for Android and iOS here and here.
If the update is not available on your respective app store, you can wait for it or download the file from a trusted third-party hosting site. We would like to state that we bear no responsibility for any damage done if you download an unverified version of WhatsApp from a third-party hosting site.