The Facebook-owned messaging service listed the two precautionary measures in a message to users it believed were affected by the sophisticated Pegasus spyware. “How to stay secure: Always use the latest version of WhatsApp and keep your mobile operating system updated to receive the latest security protections,” it read.
The message also explained that while WhatsApp had earlier stopped an “advanced cyber actor” from exploiting its video-calling service to install spyware in certain mobile phones, there was a possibility that the device in question could have been affected.
This message was sent to likely victims of the spyware scandal before Facebook sued cybersecurity company NSO for over $75,000 in damages on Tuesday. It has alleged that the Israeli firm illegally used WhatsApp servers to sneak Pegasus into phones belonging to 1,400 users across 20 countries.
In India, the targeted users reportedly comprised journalists, activists, lawyers and senior government officials. Bela Bhatia, an activist working in Chhattisgarh, hinted at a deeper conspiracy behind the scandal. “The person who called me explained how I had been targeted, telling me that ‘we can clearly and categorically say your own government has done this’,” she told NDTV.
The centre has denied playing any role, instead seeking WhatsApp’s response on the issue.
Pegasus allegedly takes over the phone’s operating system during a video call, giving attackers access to users’ messages, calls and passwords. It can even turn the mobile phone into a microphone capable of listening to conversations in a room. The spyware is believed to have been used to snoop on Indian activists and journalists for nearly two weeks in April.
While WhatsApp has refused to provide the exact number of those targeted, it claims to have informed each affected user about the issue. “We quickly added new protections to our systems and issued an update to help keep people safe. We are now taking additional action on the basis of what we have learnt to date,” it said in a statement