WhatsApp Hacked: What You Need to Know and the Steps You Should Take
This week, WhatsApp announced that an unknown number of its users were the subject of an attack which installed spyware on user devices without their knowledge.
By exploiting a vulnerability in the app, hackers were able to gain access to user call logs, texts, cameras, microphones, and other data.
The spyware – a product of Israeli spy firm, the NSO Group – was activated by placing a voice call to targets. The targets didn’t need to pick up, there was no record of the call, and in some instances, the targets didn’t even receive a physical call at all.
Though convenient, intuitive, and incredibly popular – WhatsApp’s user base has exploded to reach 1.5 billion monthly – free chat apps are increasingly vulnerable. This attack, for example, even managed to bypass WhatsApp’s end-to-end encryption.
Naturally, this latest breach raises a number of important questions such as:
- Am I impacted?
- Has a fix been issued?
- Is there a more viable long-term solution?
Here’s what you need to know and the steps you should take.
Am I Impacted?
Most likely – no.
According to WhatsApp, the attack only infected a small number of users.
That said, the vulnerability existed across all devices and operating systems and includes the following versions:
- WhatsApp for Android prior to v2.19.134
- WhatsApp Business for Android prior to v2.19.44
- WhatsApp for iOS prior to v2.19.51
- WhatsApp Business for iOS prior to v2.19.51
- WhatsApp for Windows Phone prior to v2.18.348
- WhatsApp for Tizen prior to v2.18.15
Has a Fix Been Issued?
WhatsApp has already released an update for iOS and Android devices. If you’re a WhatsApp user, you’ll want to update your application immediately.
If you’re using an iPhone or iOS device:
- Head to the App Store
- At the bottom of the screen, tap ‘Updates’
- If automatic updates aren’t enabled, hit ‘Update’ next to WhatsApp Messenger
On Android devices:
- Go to the Google Play Store
- Tap the menu icon in the upper left corner
- Tap ‘My Games and Apps’
- If WhatsApp has not been automatically updated, hit ‘Update’
Importantly, to better protect yourself in the future, consider turning on automatic updates, or update your applications and operating systems each time an update is available.
Is There a More Viable Long-term Solution?
First of all, you shouldn’t rush to ditch your favorite chat apps.
Ultimately, any piece of technology, and especially smartphones and messaging applications, is vulnerable to attack. As technology evolves at breakneck pace, so too do the tricks and tools which hackers and thieves employ to exploit potential vulnerabilities.
You should, however, consider your communication habits.
- Are you chatting for pleasure or business?
- Are you sharing information or data which, if made public could harm you, the recipient, or any other party?
- Are you using strong passwords and user authorizations?
- Are you relying on encryption only to protect yourself?
- Could an enterprise instant messenger mitigate some of these concerns?
Carefully considering these questions helps you examine whether chat applications like WhatsApp, or any other free, consumer-grade chat apps, are suitable for your communication needs.
Generally, free, consumer-grade chat apps aren’t a platform for enterprise-grade communication.
- A private team network – A private team network ensures network access is achieved only through prior authorization – confining communication safely between parties on the platform.
- Peer-to-peer communication channels – Peer-to-peer channels assure information only flows between the sender and recipient, effectively bypassing middlemen – third-party servers or cloud databases, for example – which can leave data vulnerable to attack.
- End-to-end encryption – Despite the WhatsApp attack sidestepping the application’s encryption protocols, encryption remains a vital line of defense. By scrambling communications and providing only the sender and recipient the keys to view them, end-to-end encryption makes it much harder for hackers to access messages in the majority of cases.
- Anti-virus and malware protection – Employing reputable anti-virus and malware protection is perhaps the most critical step you can take to protect yourself from viruses, malware, and spyware. Keeping it up to date and integrating it with your enterprise instant messenger better safeguards you in the event of an attack.
The unfortunate truth is that no messaging application in 2019 is 100 percent safe from malicious outside attacks.
The reality, however, is that your odds of being targeted over a private, self-hosted team network offering peer-to-peer channels, end-to-end encryption, and anti-virus and malware integration, are less likely.
By carefully considering both your communication habits and tools, you can begin to better safeguard yourself and your communication.