WhatsApp recently confirmed that a dangerous voice call exploit allowed malicious parties to load NSO Group’s Pegasus spyware onto Android and iOS devices.
The exploit allows hackers to install spyware on a person’s phone through an infected WhatsApp voice call, even if they do not answer the call.
“A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number,” Facebook said.
The Pegasus spyware allows hackers to delete calls from logs, access users’ cameras and microphones, and uncover their location and messaging information.
WhatsApp fixed the issue on its servers on 10 May and launched an update on 13 May to secure the vulnerability in its smartphone applications.
The company urged users to upgrade to the latest version of our app and keep their mobile operating system up to date to protect against potential targeted exploits.
How to check if you have been hacked
The bad news is that it is very difficult to know for sure whether your phone has been hacked through WhatsApp, and whether the Pegasus spyware is running on your phone.
However, there are signs which can indicate that your phone may have been infected with spyware.
Symantec mobile security expert Domingo Guerra said users should look out for the signs below:
- Look for sudden changes in your mobile device.
- Check if your battery usage changed significantly without a change in how you use your phone.
- Check if your device is running hot.
- Check if your data usage has suddenly increased significantly.
The good news is that if you have not received any WhatsApp voice calls or dropped calls from unknown parties, you have most likely not been hacked.
Discussion with MyBroadband’s Jan Vermeulen
MyBroadband’s Jan Vermeulen discusses the WhatsApp security breach in the interview below.