If you are like me or the 1.5 billion other users of WhatsApp, you will agree that this messaging app has become an integral part of our daily lives. But is this app safe? Recently WhatsApp released a patch to fix a severe vulnerability. The susceptibility in question allowed hijackers to embed spyware onto people’s smartphones.
Here is how hackers would have exploited WhatsApp
The vulnerability within the app would have allowed hackers to install a type of surveillance malware onto the phones of users by calling the person via the app’s phone call function. What was genuinely devious about this particular malware is that the attack could be performed regardless of whether or not the user answered their cell phone. What would make it even harder to detect is that the call would not appear in the user’s logs. So they would have no idea whether or not their smartphones had been affected.
According to Facebook: “A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.”
According to the Financial Times, an Israeli cyber surveillance company NSO Group developed the spyware. It affected both Android and iPhones.
Who has been affected?
This vulnerability impacts iOS, Android, and Windows phone users who have installed the application. However, it is as of yet unknown how many actual smartphones were targeted by the hackers.
The advisory from Facebook’s reads: “The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and for Tizen prior to v2.18.15.”
What can you do?
The team from the Adaware Malware Lab recommends that you do the following to ensure that you are not vulnerable to the WhatsApp malware
- Firstly, update your WhatsApp application. On the 13th of May, WhatsApp released a patch that sent a secured release of the app to all of its users. The patch could have been installed automatically on your smartphone. If not, update the app manually.
- As a general rule of thumb, it is always recommended that the user automatically turn on auto-updates
- Secondly, ensure your phones operating system is up to date
In addition to the patch, WhatsApp made several modifications to its infrastructure to eliminate the possibility for this attack to take place in the future. Facebook has also been working with U.S. law enforcement agencies tasked with investigating this malware attack.
Finally, when it comes to your online presence, security is paramount. Malware can come from anywhere, and the better prepared you are, the less likely you will be a victim of hackers and scammers.