The WhatsApp hack that broke ground recently appears to have been targeted specifically at political protesters, human rights supporters, opposition politicians and journalists in 45 countries, we tell you how to protect yourself from attack.
It's a story that could potentially affect millions of WhatsApp users around the world after the company confirmed their app contains a vulnerability that could allow hackers to take control of a victims phone just by sending an unanswered voice call.
Scary stuff, but it seems that the hack was aimed at specific individuals in 45 countries. It appears as, according to WhatsApp, "a select number of users" – including journalists, human rights organisations, politicians and more – have been targeted.
The threat is still present for any WhatsApp user who hasn't yet updated their software. Our advice is to follow the steps below and update the app on your mobile device to the latest version.
Android users need to visit the Play Store app. Simply tap the menu icon, find WhatsApp in the 'My apps & games' section and select 'Update' if you're not already on the most recent version.
If you're using an iPhone, open the App Store and search for WhatsApp. An 'Update' button will appear if there is one available and you're not already using the most recent version.
What actually happened
Cyber-security professionals consider this attack as "extraordinary" as there is no way to safeguard against it. Recognised as a "no-click" attack, which means the victim is not required to interact with the application, the hackers could gain access to the device by making a voice call which doesn't even need to be answered.
It is believed that malicious code may have been sent via a "buffer overflow" vulnerability in the Secure Real-time Transport Protocol (SRTP) used by WhatsApp. The exact details are fuzzy, but the code may have been dispatched from the caller's phone via details – such as name and number – which are obtained by the recipient's mobile when a call is received.
According to the Financial Times, an "advanced cyber actor", the NSO Group, was responsible for the hack. But NSO Group, an Israeli technology company who created Pegasus, the technology used in the hack, say they are not responsible. They claim that intelligence and law enforcement agencies are the only organisations authorised to use it.
Fortunately for Jo Public, to use this vulnerability in WhatsApp is expensive, which means it's unlikely it'll be used on a broader scale. Well, we can all live in hope but it's probably best you update WhatsApp anyway...