WhatsApp – the most popular messaging app in the world was exploited recently. An Israeli spyware Pegasus was used to snoop on journalists around the world. Are you personally at risk, and should you stop using WhatsApp? Read on to find out.
What is exactly is Pegasus?
- Pegasus is basically a spyware tool that has been developed by an Israeli firm, the NSO Group.
- Pegasus works by sending an exploit link, and if the target user clicks on the link, the malware or the code that allows the surveillance is installed on the user’s phone.
Whatsapp has sued the NSO group in a federal court in San Francisco accusing it of using WhatsApp servers in the United States and elsewhere “to send malware to approximately 1,400 mobile phones and devices.
What are the Capabilities of Pegasus?
- Once installed it can send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps.
- Target’s phone camera and microphone can be turned on and used to capture all the activities around it.
- According to WhatsApp Pegasus had access to email, SMS, location tracking, network details, device settings, and browsing history data without the target user’s knowledge.
How WhatsApp was compromised?
- According to a security report, a missed call on the app was all that was needed to install the software on the device — no clicking on a misleading link was required.
- Later WhatsApp explained that the spyware exploited the video/voice call function on the app, which had a zero-day security flaw. It did not matter if the target did not take the call — the flaw allowed for the malware to be installed anyway.
Is your WhatsApp Hacked?
- In a media report, it was revealed that about 1400 target devices around the world were exploited using the spyware and the majority of them were journalists and activists.
- At least two dozen academics, lawyers, Dalit activists, and journalists were alerted by the company in India.
- After the issue came into light WhatsApp immediately fixed the loophole in an update and presumingly prevented further damage
It is not known who carried out the surveillance on the Indian targets. The NSO Group has said that it provides the tool exclusively to “licensed government intelligence and law enforcement agencies”, and not just to anyone who wants it.
Is WhatsApp safe or should you switch to handwritten letters?
The popularity of this messaging app attracts all sorts of hackers, cybercriminals, or other entities. Still, WhatsApp uses end-to-encryption, for personal as well as group chats. This is mostly a safe thing, and it will make your data nearly impossible to decrypt even it gets on the hand of hackers.
However, it is important to be aware that unknown ‘zero-day’ exploits could exist for virtually every software and app in the world — and that they might be exploited at some point in the future by individuals or agencies determined to do so.
In the end, be mindful of your activities on the web.
To prevent a privacy breach, follow these best practices:
- Ensure mobile devices containing personal information are protected by strong encryption and strong passwords.
- Use strong passwords to access your important accounts and never share your password with anyone.
- Don’t send personal information by email unless absolutely necessary. Never send the following personal information by email: medical information, Identity numbers, credit card numbers, driver’s license numbers, personal health card numbers, passwords and any other information that can be used to commit financial fraud.
- Install anti-virus and anti-malware software and make sure it is always up-to-date.
- Regularly update your software
Thanks for reading! Stay safe