Is your WhatsApp safe from 'Pegasus' spyware? Here's all you need to know

Without disclosing the names of the compromised accounts, the Facebook-owned platform said around 1,400 users across four continents were hit, including Indian journalists and human right activists.

Published: 01st November 2019 05:59 PM  |   Last Updated: 01st November 2019 08:02 PM   |  A+A-


Image of WhatsApp logo used for representational purposes.

By Online Desk

WhatsApp's security webpage brags that privacy and security are in its DNA. But those boasts turned out to be hollow, with the messaging platform saying on Tuesday that it was suing an Israeli surveillance firm NSO Group for reportedly spying on hundreds of its users globally through its spyware 'Pegasus.' 

All hell broke loose with the messaging giant's revelation, creating a furore about the huge security breach in the encrypted platform. Without disclosing the names of the compromised accounts, the Facebook-owned platform said around 1,400 users across four continents were hit, including Indian journalists and human right activists.  

The 'highly sophisticated cyber-attack' reportedly took place in May 2019, exploiting WhatsApp's video calling system. The hackers were able to install the malware in users' phones, including iPhones and Android devices, through loopholes with just a missed call, without leaving any trace on the gadget. 

The spyware Pegasus/Q-suite was developed by NSO Group, also known as Q Cyber Technologies, an Israeli firm that claims to help the government with technology in fighting terror and unlawful activities. However, cybersecurity experts from Toronto-based academic group Citizen Lab have drawn attention to the threats posed by the Israeli firm. 

How to safeguard yourself from Pegasus

In May 2019, after identifying the security breach, WhatsApp quickly tried to fix the loophole with an app update, which made the spyware's efforts to penetrate into users' accounts futile. 

Facebook released an advisory regarding the same. "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number," the advisory read. 

WhatsApp versions vulnerable to the hack

WhatsApp for Android prior to v2.19.134
WhatsApp Business for Android prior to v2.19.44 
WhatsApp for iOS prior to v2.19.51
WhatsApp for Windows Phone prior to v2.18.348
WhatsApp for Tizen prior to v2.18.15

In other words, your WhatsApp is secured if it is running on the latest updated version i.e.,

Android v2.19.308 
Business for Android v2.19.108
iPhone v2.19.112 

There is a caveat, though. Avoid clicking on messages from unknown numbers since that can still lead to the software being installed.

Why Indians should be worried

At least a dozen Indians were hacked with the malware, including journalists, human rights activists and lawyers. WhatsApp in collaboration with Citizen Lab reached out to all the affected users and informed them about the malicious attack. The victims include Nihal Singh Rathod, Bela Bhatia, Sidhant Sibal, Anand Teltumbde and Shubhranshu Choudhary. 

These users received suspicious WhatsApp calls or messages along with links, clicking on which gave the Pegasus client access to the target's private information on their phone. 

In response, the government of India reached out to the messaging platform asking for an explanation about the breach and measures taken to safeguard the privacy of millions of Indians. IT Minister Ravi Shankar Prasad assured that the government is committed to protecting the privacy of Indian citizens. Soon, the issue took a political turn in India, with the opposition accusing the Centre of snooping into the personal accounts of journalists and human rights activists. 

Follow The New Indian Express channel on WhatsApp


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp