Watch out for WhatApp on Android and iOS

If you're among the masses of people using WhatsApp, for either Android or iOS, be advised that the Israeli hacking consortium known as the NSO Group may have installed spyware on the device you use WhatsApp on.

A massive security flaw identified as CVE-2019-3568 has been discovered and weaponized by the NSO Group.

This allows them to install spyware and steal a variety of data from impacted devices.  Worse, the group is installing their Pegasus spyware, which is among the most advanced on the planet. It's very good at hiding itself, deleting incoming calls, and other log information in order to remain hidden.

The good news is that Facebook, which owns WhatsApp, has patched the flaw with an update. As long as you're using the latest version, you're protected.  Unfortunately, not everyone keeps their apps up to date. Prior to the patch being released, all 1.5 billion of the app's users were considered vulnerable.

Official company statement

"The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to 2.18.15."

Although millions of users have already updated their software, the sad reality is that for most people, keeping apps up to date generally ranks quite low on their list of priorities. That means there are still untold millions of users who are vulnerable.

Our perspective

If you use the app or if you know anyone who does, the best thing you can do is to update to the latest version right away and have your phone thoroughly scanned to be sure you don't have the Pegasus Spyware already embedded in your system.

Meanwhile, check out this report

Free Executive Report: 10 Hidden IT Risks That Might Threaten Your Business

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. We specialize in managed IT support for smaller healthcare practices, financial services firms, and nonprofits in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations. As well as providing small business technology education programs through business and professional associations.

Contact me if you would like me to speak at your association.