New Delhi: The world's most popular messaging app - WhatsApp, which is owned by Facebook, accepted on Tuesday that they were targeted by an “advanced cyber actor.” The security flaw gave access to the hacker to install spyware on targeted mobile phones and give access to personal details like calls, photos, location data, private messages and other information. The spy software, developed by Israel based firm NSO, can gain access to critical information through their targets' smartphone.

How does it work?

Hackers can install spying program through an infected WhatsApp voice call. The spyware can be installed on a user’s phone through a WhatsApp voice call, whether the call was answered or not. This spyware named Pegasus could potentially extract all the WhatsApp data from your smartphone, which include text messages, GPS location, email, browser history, images and more.

Also read: WhatsApp asks users to update app over Israeli spyware threat 

WhatsApp has admitted this vulnerability involved a missed call coming to the phone through the app. The hacker would then use that missed call to slide a piece of malware into the phone. The spyware can be even used to turn on the phone's microphone to capture encrypted conversations, private files and personal materials.

What is NSO Group?

It is an Israel based cybertechnologies company. NSO has developed technologies that governments and law enforcement agencies can use to track and intercept terror activity, break up organized crime operations, and even search for missing persons. NSO claims that it sells only to responsible countries after diligent vetting, and with Israeli government approval. NSO needs a Ministry of Defense licence in order to meet with potential clients who must be approved by a business ethics committee. 

Each license must receive specific government approval and every 12 months each contract is re-examined by the business ethics team before it's renewed. The company says all credible allegations of misuse of the product are investigated and in three instances, NSO has shut down its product as a result.

Also read: WhatsApp to introduce new security features; No more sending screenshots to friends

Which phones does it affect?

Any phone running either WhatsApp or the WhatsApp Business app can be affected. All brands of phones with WhatsApp installed are affected, including Apple’s iPhone (iOS), Android phones. WhatsApp is used by 1.5 billion people globally.

How many people are affected?

The number of people spied on is unknown but it is suspected that a large group of users have been targeted. If you haven’t received any WhatsApp voice calls or dropped calls from unknown parties, then you have probably not been targeted. 

What do I need to do to protect myself?

Facebook implemented a server-side change to help protect users and pushed out updates for the various smartphone WhatsApp versions. Users are strongly advised to check for updates manually through the Apple App Store on an iPhone, Google Play or similar on an Android device. Failing that, uninstall WhatsApp from your phone will protect you from the attack. Here is the link to update your WhatsApp