Social media giant WhatsApp has revealed a security flaw that, if exploited, could give hackers near total access to your mobile device. According to WhatsApp, the security flaw in question has been discovered, addressed, and fixed, but the company is still recommending that consumers update the app to the latest possible version as a precaution.
WhatsApp is an encrypted messaging service, which enables users to keep their data private as they send messages back and forth. The appeal of WhatsApp lies most primarily in its privacy and anonymity. Because messages are encrypted, users can enjoy a fair amount of confidence that their correspondence will remain relatively private—a significant concern for some consumers in today’s data-driven technology ecosystem.
WhatsApp Security Flaw: How Does It Work?
This particular security flaw was alarming because it could give hackers who exploit that flaw access to your entire phone—meaning someone could fairly easily bypass WhatsApp’s encryption and read your messages, in addition to accessing any other sensitive data (such as ID or bank account numbers) that might be stored on your mobile device.
According to WhatsApp, the security flaw in question was exploited by malware created by a “private company.” WhatsApp did not name that private company responsible, but analysts in the media are confident that responsibility lies with NSO Group, an Isreali cyber company that specializes in creating malware for law enforcement and government spy agencies.
The discovery of NSO Group’s WhatsApp malware came about shortly before a London-based human rights attorney (involved in an international legal case against NSO Group) was targeted by this particular security exploit. NSO Group released a statement in which they denied any responsibility for targeting any individuals with their malware software.
How Common was this Malware?
The extent to which this particular malware has been used is not immediately clear—even to WhatsApp. What’s important for consumers to understand is that this vulnerability provided significant access to hackers who targeted any particular mobile device. There is no evidence that this malware was used on a large scale, however.
For most consumers, then, the simple act of updating the app should be sufficient to improve your overall mobile device security (at least as far as your WhatsApp application is concerned). However, this particular security flaw does highlight how even small—and unnoticed—exploits can create significant risks to your overall data security, especially in an era of state-sanctioned cyber espionage.
Was I Targeted by This Hack?
As of now, the complete list of those individuals targeted or effected by this particular security issue is incomplete. WhatsApp has not commented on how widespread the problem may have been. (Even the hack of the UK-based human rights lawyer was asserted by an outside cyber security group, not WhatsApp).
However, any potential security flaw that gives someone complete and total access to your phone is a significant concern. In many cases, users did not even have to accept the WhatsApp call to trigger the exploit. This means that anyone using this particular piece of malware could gain access to a mobile device, including data, apps and software (such as microphones or video).
Cyber-Security and Social Media
WhatsApp is owned by Facebook, the social media giant that has seen its own share of cyber-security issues in the past. Flaws in Facebook’s cyber-security have granted malicious actors access to identity tokens and images. Additionally, Facebook has historically had trouble keeping user data private, sharing that data with other businesses or apps either by accident or via inadequate management practices.
WhatsApp, despite being owned by Facebook, has enjoyed a slightly more robust and reliable reputation. That said, some cyber-security corners have criticized Facebook’s response to this new WhatsApp security flaw as rather sluggish.
What Should I Do?
Most users will be able to ensure their security by simply updating the WhatsApp application on their mobile device. Again, this might not be strictly necessary, as WhatsApp has reportedly addressed the issue that caused this vulnerability in the first place. However, out of an abundance of caution, the social media company suggests ensuring you’re updated.
More broadly, users can practice good cyber-security hygiene. That may be a challenge in today’s state-driven cyber-security landscape. But vigilance can help protect consumers from security issues such as the WhatsApp security flaw.
Have you kept your phone protected throughout this WhatsApp Security Flaw? Contact us for more information! Feel free to shoot us an email to Outreach@ConsiderTheConsumer.com, find us on Twitter, Facebook, Instagram, LinkedIn, or even connect with us directly on our website!
Interested in posts like these? Become a subscriber below!