WhatsApp have declared that an Israeli security research group have discovered a vulnerability that enabled “SpyWare” to be installed on WhatsApp users’ devices, remotely and without any interaction from the user.
Activity observed so far looks to be highly targeted but it cannot be ruled out that the exploit could be replicated. While the likelihood of being targeted is currently low, the potential severity is high, and the fix is straightforward with minimal risk. Bridewell therefore recommends all users of WhatsApp to update immediately. Guides on how to update for iPhone and Android are provided below.
iOS: App Store, Updates, WhatsApp – Update
Android: Play Store, My apps & games, WhatsApp – Update
“What is Spyware?” Spyware is a piece of software that aims to gather information about an individual or business. This could range from an attacker being able to monitor the devices camera, microphone and keystrokes to having full access to the devices filesystem – all without the user knowing.
Should you have any further questions about this please do not hesitate to contact a member of the Bridewell team today.
Bridewell’s Penetration Testing team also conducts research of this nature and work in close collaboration with the relevant authorities and organisations when malware of this nature has been discovered. For previous work in this area please click here.