Get Started

Best Parental Control Solution for Your Family Devices

Start Free Trial

What’s Up With WhatsApp? - Security Woes & More

PRITHIV on May 24, 2019

Whatsapp Logo

NOTE: BEFORE READING THIS ARTICLE, PLEASE UPDATE WHATSAPP. WE’LL WAIT!

Given WhatsApp’s much vaunted end-to-end encryption one might assume that it’s a reasonably safe platform to share private information on. Other than choosing the recipient of the communication carefully, it has always appeared that there’s not much risk of leaks when using this direct messaging service to keep in touch - or to share our live location, our innermost thoughts, even occasionally our financial information.

However, with latest news coming out of Israel, we now understand that WhatsApp’s encryption is not a guarantee against lapses.

First reported by The Financial Times, a surveillance software was inserted on targeted smartphones through a vulnerability on WhatsApp calls. The hack, the British newspaper reported, would allow the hacker to work around WhatsApp’s encryption and read messages.

On Sunday, a UK-based human rights lawyer was allegedly attacked by Pegasus (a spyware) and repulsed by WhatsApp. However, it is unclear how many, if any, other WhatsApp users were successfully attacked by Pegasus. According to the BBC, WhatsApp has acknowledged that the hack occurred and that a ‘select number of users’ were targeted. “Once installed, the spyware can turn on a phone’s camera and mic, scan emails and messages, and collect the user’s location data,” according to The Verge.

With a single WhatsApp call, the spyware can be installed without a trace. What makes it worse is that the spyware can be installed even if the target does not answer the call. More disturbingly, the missed call often disappears from the call logs. As a result, the victim may not know that they were targeted at all.

The Financial Times added that: “Within minutes of the missed call, the phone starts revealing its encrypted content, mirrored on a computer screen halfway across the world. It then transmits back the most intimate details such as private messages or location, and even turns on the camera and microphone to live-stream meetings.”

Hackers infiltrated a still unknown number of phones using a malicious spyware called Pegasus. This code, once installed, can pretty much access any information on your phone, encrypted or otherwise. Pegasus is used to gain remote access to smartphones, and has been used by governments to snoop on journalists. According to WhatsApp: “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.” This is typically expected to imply the NSO Group, the company that developed Pegasus in the first place. Though the NSO Group claims to sell spyware to governments to help fight crime and terror, the most charitable reading must admit that its spyware lends itself to abuse by governments of questionable morality. 

The NSO Group has largely operated under the radar before 2016. While they have built up a formidable reputation on the back of their ability to break through Apple’s rigorous privacy and security measures, last week’s attack shows that WhatsApp is a new target. “We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society,” WhatsApp said in a statement.

This was a zero-day vulnerability (discovered by developers after the attack, resulting in zero days to fix the issue). WhatsApp has already resolved the issue with the latest version rolled out, and urges its users around the world to update their apps.

The BBC reported that “journalists, lawyers, activists and human rights defenders”, most specifically human rights lawyers, were the most likely targets of this weekend’s attack. However, all WhatsApp users who are not using the latest version of the app could be vulnerable. Please therefore update your app today.

This particular hack has, in all probability, not impacted your phone (unless you are a human rights activist, politician, journalist or lawyer). This attack seems to have targeted major players around the world. However, the attack has revealed vulnerabilities in WhatsApp's systems.

If you are still using any of these versions of WhatsApp, please update right away to the latest version.

  • WhatsApp for Android prior to v2.19.134

  • WhatsApp Business for Android prior to v2.19.44

  • WhatsApp for iOS prior to v2.19.51

  • WhatsApp Business for iOS prior to v2.19.51

  • WhatsApp for Windows Phone prior to v2.18.348

  • WhatsApp for Tizen prior to v2.18.15

Malware of any kind is dangerous to all of us. Keep yourself up-to-date and informed, and take all due action to protect your data and your privacy. Stay safe!

 

Writing credit: Authored by Prithiv, a Mobicip researcher who writes about the effects of technology on health and well-being.

Keep in touch with the latest on parenting, technology and education. Subscribe to the Mobicip newsletter. Learn more at www.mobicip.com.

Recent Blogs

Multiplayer Online Video Games: Here’s What Happens

Online gaming is a world that we, as parents, can’t seem to wrap our heads around and yet, so many of our children seem to be immersed in the culture. And yes, it really is a culture! With thousands of participants across the globe, having their own inside jokes, rituals and habits around a game… th

Cybersecurity: How to Create a Safe Internet Environment for your Children

The freedom and variety offered by the internet make it a notoriously attractive space for children of all ages. There’s always something to watch, someone to talk to. Adults sometimes find the sheer volume of information overwhelming. Children, on the other hand, feel like they’re skipping around i

‘Finsta’ Is On The Rise. What Should You Do About It?

Finsta, or Fake Insta, is a fake Instagram account created mostly by teens. It’s not to be confused with a secondary or business Instagram account. Finsta is simply a secret account teens use to share images with a smaller and more tightly knit audience. (If you guessed that you, the parent, would n

How To Kickstart A Digital Plan That Works For Your Family

If you feel that the emotional distance between you and your children is ever growing, then you are not alone. This distance can largely be attributed to how smartphones and social media have taken over our children’s lives. For parents of digital natives, this baffling problem is new and seemingly

8 Educational Websites Your Kids Will Love to Use

In the modern world, internet access is available to billions of people, which also means information on any given topic is available in abundance. But the issue remains: What is the legitimacy of the source that you're gathering information from and how can you be sure you can trust it?With the new