Jump directly to the content
Revealed
GONE WITHOUT A TRACE

WhatsApp hack may be IMPOSSIBLE to detect on your phone – and Facebook is clueless

There are growing fears over the attack

A MAJOR WhatsApp hack may have exposed the private messages and photos of 1.5billion users – and there may be no way to find out if you were affected.

The Sun understands that it's difficult, and potentially impossible, for users (and Facebook itself) to make sure they weren't hacked.

There may be no way to find out if you've been hacked
2
There may be no way to find out if you've been hackedCredit: Alamy

WhatsApp hack – what happened?

An Israeli cybersecurity firm called NSO Group created hacking software called Pegasus.

Pegasus broke into users' WhatsApp accounts, giving hackers access to messages, photos, contacts and more.

The problem was detected by WhatsApp in early May, and has now been fixed by an update.

There are now major questions about who used the Pegasus software, and who was hacked by it.

Facebook is struggling to discover whose data hackers managed to access
2
Facebook is struggling to discover whose data hackers managed to accessCredit: Alamy

WhatsApp hack – how to find out if you were hacked

Sadly, it's currently impossible to find out for certain if you've been compromised by this breach.

It's reported that every user was potentially hackable using this exploit – but that doesn't mean every user was hacked.

The Sun understands that WhatsApp is having difficulty discovering which specific users have been impacted by the breach.

And the firm also believes alerting users to the issue is problematic, due to the secretive, encrypted nature of WhatsApp.

However, WhatsApp is working with a number of human rights organisations to ensure activists are aware of the issue.

In a statement given to The Sun, a WhatsApp spokesperson said: "WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices.

"We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users."

WhatsApp hack – here's what the experts are saying

Assaf Dahan, Head of Threat Research at Cybereason, said...

  • "The risk is that once the spyware (Pegasus) is installed on the victim’s phone, the attackers gain complete access to all of the information on that phone (such as geo-location, contacts, messages, mail, and other data).
  • "In simple words, they can monitor everything the victim is doing, therefore complete violation of privacy.
  • "Potentially any WhatsApp user can be vulnerable to this attack.
  • "This zero day does not require any interaction from the user, and therefore is very difficult if not impossible to avoid.
  • "Since this [hack] is attributed by the researchers to the NSO Group, it’s likely used surgically, only against specific people of interest and not as a mass infection payload.
  • "Users who install the latest version [of WhatsApp] will be protected.
  • "That being said, there might be other exploits in the attackers’ arsenal that haven’t been discovered yet, that might be used against WhatsApp or other mobile apps."

In fact, it's likely that only very specific users were hacked: people with sensitive information, like journalists or lawyers.

Speaking to the Sun, cyber-expert Nabil Hannan said: "The risk with this incident is that any WhatsApp user, based on their phone number, could technically be targeted.

"Attackers can install malware allowing them to reach communications conducted on that user’s device. Any and every WhatsApp user is at risk," said Nabil, the managing principal at Synopsys.

"Technically anyone can be attacked, whether intentionally or accidentally.

"In this case the hackers seemed to have specific targets in mind, but other attackers could learn about the issue and then exploit other specific users or a wide range of users."

Evidence of the hack is also very tricky to uncover.

The hack worked by calling your phone using WhatsApp's voice call feature.

You wouldn't need to have picked up the call, pressed any buttons or even handled your phone for your device to be compromised.

This means that if you've received any unknown calls via WhatsApp, your device may have been hacked.

However, if you haven't received any calls, you may still have been hacked.

All records of the call are deleted from your phone using the exploit.

So a hacker could've called you at night while you were sleeping, only for you to take up with no evidence of the call.

That's one of the big reasons why this breach is so nefarious: it's very tricky to find proof you've been compromised.

Nabil told us that it's "very challenging" to know if compromised software was on your phone.

Facebook has previously warned users who have been caught up in hacks.

And given that Facebook owns WhatsApp, it's possible that the same may happen this time.

However, The Sun understands that this is unlikely.

WhatsApp users are being warned about infamous WhatsApp Gold malware spreading through the app

In any case, all WhatsApp users should be extremely vigilant for possible attacks in the future – particularly phishing.

Hackers may have obtained personal information about you, which would make you an easy target for "phishing" attacks.

That's where hackers pretend to be someone else – like your bank, or a phone network – to solicit information from you, like login details or money.

Be sure not to open any suspicious emails, click any unexpected links, or hand over any financial information over email.

The Sun Says

SO much for Facebook’s “secure” ­messaging service WhatsApp.

Hackers gained full access to some phones just by making a voice call. Users didn’t even need to answer to fall prey.

Which illustrates how easily skilful and malevolent hackers can find holes in apparently impregnable software.

And how those who downplay the threat from China’s tech giants to our security and 5G network are making a naive mistake.

MOST READ IN TECH

Passenger jets SWERVE exploding SpaceX rocket as cockpit vid shows flying debris
MOVE NOW!

Passenger jets SWERVE exploding SpaceX rocket as cockpit vid shows flying debris

SpaceX rocket EXPLODES as debris rains down…but Musk says 'entertainment guaranteed'
KABOOM

SpaceX rocket EXPLODES as debris rains down…but Musk says 'entertainment guaranteed'

Scientists unearth tomb with bones of 18 horses sacrificed in grim rituals
CHILLING FIND 

Scientists unearth tomb with bones of 18 horses sacrificed in grim rituals

iPhone scan shows if someone you know is stalking you as Apple urges 'screenshot' it
I-SAFE

iPhone scan shows if someone you know is stalking you as Apple urges 'screenshot' it

WhatsApp users have been warned to update their phones immediately.

Follow our guide on how to install the latest version of WhatsApp.

And find out how to get the latest WhatsApp features before everyone else.

Are you planning to ditch WhatsApp after this incident? Let us know in the comments.

We pay for your stories! Do you have a story for The Sun Online news team? Email us at [email protected] or call 0207 782 4368 . We pay for videos too. Click here to upload yours.

Topics
YOU MIGHT LIKE
RECOMMENDED FOR YOU
MORE FOR YOU