A vulnerability in Facebook’s WhatsApp messaging app enabled attackers to spread surveillance software to iPhones and Android smartphones with just a phone call, the Financial Times recently reported.
Unfortunately, there doesn’t appear to be a definitive way to check whether or not a device has been affected by the surveillance software.
However, there are certain signs users can look out for that could be helpful in discerning whether a mobile device is being unknowingly manipulated by a third party.
“One is to try and keep a look at changes in your mobile device,” said Domingo Guerra, a mobile security expert for antivirus software maker, Symantec.
“If battery usage seems to be completely different than just recently, or if the device is running hot because maybe it’s sending and receiving a lot of data, there may be signs that the device is compromised.”
Updating the WhatsApp app on your smartphone to the latest version and keeping your mobile phone’s operating system up to date are critical first steps if you believe your device may be affected.
WhatsApp discovered the vulnerability this month and promptly fixed the issue. But the company has not said how many of the app’s 1.5 billion users are estimated to be affected.
When asked whether WhatsApp users can tell whether or not their device has been impacted, a company spokesperson issued the following response:
“Given the limited information we collect, it is hard for us to say with certainty the impact to specific users. We will work with human rights organizations with expertise, monitoring the work of private cyber actors.
Out of an abundance of caution we are encouraging all users to update WhatsApp as well as keep their mobile OS up to date.”
The malicious software was developed by NSO Group, according to the Financial Times, a controversial security firm that develops a product called Pegasus that can activate a device’s camera and microphone and scrub through emails.
The company markets its product toward governments and intelligence agencies.
Because the type of malware used in this attack is usually very expensive and is typically sold to governments and intelligence agencies, the average person doesn’t have much reason to be concerned, says Jay Rosenberg, a senior security researcher at antivirus software firm Kaspersky Labs.
“This is government-grade malware that costs millions of dollars,” he said. “Unless you’re the target of some government, then you really have nothing to worry about. Your average cyber criminal is not doing this.”
There’s no evidence to suggest that this was a large-scale attack, but NSO Group’s software has been encountered in past attempts to compromise devices belonging to activists.
In 2016, for example, prominent human rights activist Ahmed Mansoor received text messages with links that would have installed surveillance software from NSO Group on his phone.
Tools like Apple’s Screen Time feature can make it easier to keep track of the apps that are being used most frequently on your phone, which Guerra says could be an important tactic for spotting potentially malicious behavior, should your device become affected by an attack.
But a more reliable way to detect outside manipulation can be to look at which apps are eating up the most battery life and data. That’s because apps running in the background might not show up in apps like Screen Time, says Guerra.
Keeping track of your regular data usage can be particularly critical, as a spike in data transfers can be a signal that something isn’t right.
Guerra suggests regularly checking metrics like data and battery usage so that it’s easier to spot when something seems out of the ordinary. He also suggests uninstalling apps that you don’t regularly use to limit the number of programs that could be collecting your data.
Regularly backing up your device is also important to make it as seamless as possible to switch to a new phone in the event that your phone is compromised.
“[Our smartphones] could be the perfect spy tool,” said Guerra.
“It’s got cameras front and back, it’s got microphones, it’s got GPS so your location, your calendar. But that data is no good to anyone trying to spy on you if it stays on your device. So whatever the device is recording or collecting, it needs to be transmitted back to the attacker.”