large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

WhatsApp security breach: how to fix it

Users are being encouraged to update their WhatsApp messaging app after iOS and Android users were explosed to a security issue where people calling the target could install government issue spyware onto a target’s phone, even if the call wasn’t answered.

Unlike many vulnerabilities, which are found by security researchers and then fixed quietly before any announcement, in this case there was a live attack, which saw spyware installed on a phone.

Related: Best Android Phones

WhatsApp owner Facebook has said that “an advanced cyber actor” was responsible for the attack, while the Financial Times is reporting that the software was developed by Israeli security bods NSO, a cyber-security firm best known for their ‘Pegasus’ software, a program that can turn on a phone’s microphone or camera remotely, grab location data, and trawl through emails and messages at will.

NSO primarily sell Pegasus to governments and law enforcement agencies, where it’s used to fight terrorism and high-level crime. However, it’s been used multiple times by private citizens and organisations for nefarious means.

Related: Best iPhone 2019

It’s pretty bad news for WhatsApp users, but luckily a fix was pushed on Friday. To seal up the vulnerability, users are being told to update their WhatsApp install. This is easy to do, just head to your app dispensary of choice and hit the update button.

Some 1.5 billion people use WhatsApp around the globe. In a statement, WhatsApp said: “WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices.”

It’s not yet clear how many people were affected, although a UK-based human rights lawyer was reported to have been attacked by Pegasus according to security researchers at Citizens Lab. This attack was blocked by WhatsApp, after the security hole was closed up with the Friday patch.

So, update your WhatsApp. Right now.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.