Sophia Pich and Yehoa
@ zophiap on Twitter
The WhatsApp application has identified a security flaw that allows users to connect using a function called so that a spyware program known as Pegasus is installed on the device.
The vulnerable operating systems were Android, iOS, Windows Phone, and Tizen. Facebook, the owner of the messaging service, overcame the vulnerability and updated the application to prevent further victims whose image was not specified by the social network.
Edson Villar de Silva, the regional leader of Marsh Cybers-Sykes, explained to El Peruano that the attack was aimed at exploiting a vulnerability that would allow insufficient verification of parameters to be used to execute the attacker's orders.
"Detailed technical information has not been disclosed yet, but if the case is limited to WhatsApp, it could give silent access to information such as location, contacts, calendar, pictures, microphone, camera, among other functions of the computer," he warned.
Can spyware be detected by victims? Users have noticed that they have received missed calls from unknown numbers. "The sophistication of this attack is attributed to an Israeli company that specializes in cybersecurity and cyber information called the NSO Group," the expert said.
The investigation, he said, makes it possible to assess that these will be affected by specific targets and that this was not a cyber attack on a global scale. The application recommended that users download the latest version from official stores.
The expert added that WhatsApp users must update the operating system of the mobile device as well as install applications from authorized sites.
"If you suspect you are compromised by this attack, the application update can not be effective in eliminating spyware, so another recommendation will be to design the computer to erase traces of malware in the system," he added. .
It also suggested limiting the permissions of applications to access the user's private information and install anti-virus.