WhatsApp, the communication software of 1.5 billion users worldwide, has now become an indispensable application for global smartphone users. However, WhatsApp has recently been confirmed to have a security vulnerability which allows hackers to implant malware for remote monitoring without the users’ knowledge. WhatsApp stated that the exact affected number was not yet known, but it has issued an update on 10 May and encouraged all 1.5 billion worldwide users to update to the latest version of the app. Facebook, the parent company of WhatsApp, has reported the issue to the Irish government where its European headquarters are based on 14 May.
WhatsApp acknowledged hackers’ attacks on system vulnerabilities. Hackers make use of WhatsApp program bugs to call users and remotely install monitoring software on victims’ phones through voice calls. Even the users did not answer the phone, malware can also be implanted. The surveillance software implanted by hackers, Pegasus, is a spy program of NSO, an Israeli information security company, which is also known as the ‘Internet Arms Dealer’. Pegasus can also turn on camera and microphone functions, access location and message content. The problem is even worse when the call records will be automatically deleted once the monitoring program is installed, the users do not know that their WhatsApp applications have been tampered with.
Regarding the incident, WhatsApp issued warnings to human rights groups and the U.S. Department of Justice and accused the involvement of NSO in the matter. However, NSO denied the charge and stated that they would not operate or identify the targeted aim of its technology under any circumstances. NSO claimed that as the original intention of the program is simply to help authorities to fight crime and terrorism, so they were looking into the incident and stressed that they would carefully review their customers whether they have committed any abuse. After discovering the program bugs, WhatsApp patched the application and launched a new updated version on 10 May, urging 1.5 billion users to update as soon as possible.