Pick up your smartphone now and update the application as soon as possible. "Whether on Android or iOS, users have to go to the official stores of their operating system (Google Play and App Store) to install the latest version. What they have to do is update all the applications they have pending," explains Andrés Núñez, of the security firm S2 Grupo.
Only then, with the latest version, can users fix the vulnerability discovered on Tuesday in the popular instant messaging application, which lets cybercriminals install surveillance software (spyware) on users' mobile devices through a simple video call.
Although the news became known through the Financial Times, WhatsApp, which also encourages its 1,500 million users "to update to the latest version of the application, as well as to keep the mobile operating system updated," explained to ABC that it was in early May that it quickly identified and fixed a vulnerability through which an attacker could insert and execute code on mobile devices.
"We believe that an advanced cybernetic actor attacked a certain number of users through this vulnerability. The attack has all the characteristics of a private company that reportedly works with governments to offer spyware that takes over the functions of mobile phone operating systems," says WhatsApp.
Given this situation, the popular application, which belongs to Facebook, recommends updating earlier versions to:
– If you use Android: v2.19.134
– If you use WhatsApp Business for Android: v2.19.44
– If you use iOS: v2.19.51
– If you use WhatsApp Business for iOS: v2.19.51
– If you use Windows Phone: v2.18.348
– If you use Tizen: v2.18.15
Although there is no confirmation, suspicion centers on the Israeli company NSO Group, which could have devised the Pegasus spy software, taking advantage of the "bug" (as security errors are known). Pegasus is malicious surveillance code designed to carry out very specific attacks, although the number of users that could be affected is unknown. The vulnerability was discovered last Sunday when a British lawyer specializing in human rights was attacked through his phone using the NSO Group tool.
"What has been discovered is a zero-day vulnerability," adds Andrés Núñez. That is the name given to security errors that were previously unknown. "That is to say," continues the expert, "no one until now knew that through a WhatsApp video call you could inject code into the 'app'. Only the group that has unveiled it is the one that knew it." Until then, all devices with the application installed "were vulnerable," recalls the expert. Once the flaw becomes public, it is time to update the application to fix the security error. And until that happens, there is a window in which anyone can take advantage of that "bug". All devices are vulnerable.
Zero Day Vulnerability
Zero-day vulnerabilities are very popular in the cybersecurity sector. They are the order of the day. Even so, there is no doubt that this is a very serious security error, because this vulnerability "allowed 'apps' to be installed remotely," says the expert. "A WhatsApp video call is a data entry to a device (because it uses the internet). Hidden in this data entry was an application that was installed on the 'smartphone'. In this case, it was a spy app."
Spyware, as its name suggests, "allows you to take remote control of a device," adds Núñez, so the cybercriminal can activate the microphone and the camera and access your data whenever they want, or permanently. "You can activate the camera and see your movements at all times," he says by way of example. At the user level, it is practically impossible to detect.
This cyberattack was, in principle, aimed at very specific people and institutions, but the software vulnerability exists on any device where WhatsApp has not been updated.
Absolute cybersecurity does not exist
With this new breach it is evident, once again, that one hundred percent security does not exist on the Internet. "But neither in the physical world," adds Núñez. "An armored door does not give you a one hundred percent guarantee that no one will enter your home," the expert says by way of example. But the better protected we are, the lower the risk. Hence the need for users to always have the latest versions of operating systems and applications installed on their devices.
Although it may seem strange, "the important thing is to detect the security breaches as soon as possible and patch them. And make them public so that all users update them," says Núñez. "The first step in managing a risk," he continued, "is the threat. If you do not know what the vulnerability is, you cannot fix it. And if you know it, you can, although there will always be a window of time during which security will be exposed."
But the user has to be aware that "WhatsApp software or any other system or 'app', if it is not vulnerable now, will end up being so at some point in its existence, because there is no one hundred percent security."