WhatsApp: How do I download update, am I affected by spyware and how do I fix it?

Bug is one of the most serious security issues ever found – but can be fixed with a couple of simple steps

Andrew Griffin
Tuesday 14 May 2019 08:46 BST
Comments
Whatsapp users urged to update app immediately as disastrous security bug discovered

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

WhatsApp users across the world are vulnerable to an attack that could take over their phone with just one missed call.

The security bug – since fixed by WhatsApp, but not before it could affect dozens of people – has led to concern about just how safe the encrypted chat app really is.

But protecting your phone from the latest attack is fairly simple. It mostly just means checking on some apps and ensuring that everything is up to date.

Users have been urged by WhatsApp to make sure they do that as soon as they can, in order to keep themselves and their phone safe.

Not doing so could allow people exploiting the bug to take over the phone through the app, giving them untold access to personal and private information.

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," a WhatsApp spokesperon said. "We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users.”

The bug was found earlier this month, the company said, and it has been working to ensure that it is fixed since then.

It is still not clear how it came about but the technology to exploit the bug is thought to have been sold by cyber security experts, who gave it to governments in order to allow them to spy on citizens.

Who is affected?

Anyone using WhatsApp, or WhatsApp for business. Its versions on iOS and Android are affected, but so are those on Windows or Tizen.

That means more than 1.5 billion people around the world could have been hit by the attack. But the actual number affected is thought to be much lower, with the exploit only being used to target a select number of people, according to WhatsApp.

What do I need to do?

First, update the app on your phone.

On iOS, that's done by heading into the App Store and clicking "Updates", and updating if you are on a version earlier than 2.19.51. On Android, open up the Play Store, click into the menu and choose my apps and games, where you should find WhatsApp, which should be version 2.19.134 or later.

You may find those are up to date without you actually having to do anything. Both operating systems now automatically update their own apps, and in most cases will probably have downloaded the new version already.

You should also make sure that your phone is updated. While the specifics of the attack and the way that it interacts with the rest of your phone's software are still unclear, ensuring that you have the latest version of the operating system will keep you safe from other bugs and security failings too.

WhatsApp also says that it has made changes in its infrastructure that stop the attack taking place.

How do I know if the exploit has already been used on me?

It's first worth noting that – while vigilance is incredibly important – the likelihood is that you haven't been targeted.

The technology to use the exploit is a highly developed tool, reportedly sold to governments and kept tightly under wraps, and it is thought to have been used on dissidents and activists. While the number of people affected is alarmingly high, at a few dozen, it is still only a tiny proportion of the number of people using WhatsApp.

Still, it is very much worthwhile to think about whether you might have been affected by the exploit.

The way the exploit is seized upon is for someone to ring you. You don't need to answer the phone, so all it takes is that missed call – and that is the central clue that something has happened.

Anyone affected will probably have a mysterious missed call or two from a number they don't recognise. Most likely you will not have spoken to the person who called, but if you've been receiving suspicious calls from unexplained numbers then it is worth thinking about whether something has happened to you.

In the very unlikely event that it has, it may be worth stopping using WhatsApp and deleting the app from your phone, which will also stop the exploit from working. Check in with WhatsApp itself and with cyber security experts, who should be able to advise the best way to proceed, especially if you work in especially sensitive industries or may have been targeted for specific reasons.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in