WhatsApp has asked users to upgrade the app to the latest version, and ensure that their mobile operating system is up to date, to protect themselves against a recently discovered (and fixed) vulnerability which used the WhatsApp calling feature to compromise user devices. Earlier this month, the company discovered a vulnerability that could enable the attacker to "insert and execute code on mobile devices". Here's what we know about the exploit and the spyware Q. How did the exploit spread? A WhatsApp spokesperson told us that it seems (and it's too early for them to confirm) that this exploit involves a voice call to a user, likely from a number that was not familiar to them. Financial Times reports that the code could be transmitted even if the call wasn't answered, and that incoming call logs were often erased. This means that the software could often be installed undetected. Q. How did the spyware work? Who created it? How was it discovered? The spyware can be used to install surveillance software on to both iPhones and Android phones. Financial Times cites Citizen Lab, the Canada based cybersecurity research organisation as saying that the spyware is "linked to technology" developed by Israeli cyber intelligence company NSO Group. The vulnerability was discovered when it was used in an attempted attack on a lawyer involved in a lawsuit against NSO. Citizen Lab observed the attack on the lawyers phone, and had suspected that the person would be targeted. Citizen Lab has been investigating the…
