WhatsApp Discovers Major Security Loophole

WhatsApp Discovers Major Security Loophole

Here's what you need to know about WhatsApp's major security flaw.

  • By Sydny Shepard
  • May 16, 2019

The team at WhatsApp, the Facebook-owned messaging platform which has surpassed 1.5 billion users around the world, says a major security loophole was exploited by an Israeli-based group that has a history of working with governments to steal data and spy on citizens.

An article by TechCrunch explained the vulnerability as a, "bug in the audio call feature of the app to allow the caller to enable the installation of spyware on the device being called, whether the call was answered or not."

There's no word yet on how many users were targeted by the attack, but WhatsApp says they believe it is a relatively small group. A fix for the problem was rolled out within 10 days of its discovery. The messaging app is urging all users to update to the latest version of the app to eliminate any further concern.

Craig Young, computer security researcher for Tripwire's VERT (Vulnerability and Exposure Research Team), said that an attack like this should have been somewhat expected.

"A compromised smart phone is a veritable treasure trove for spies looking to infiltrate a target," Young said. "Consider that WhatsApp surpassed 1.5 billion installs over a year ago, it should come as no surprise to anyone that sophisticated adversaries like NSO group are investing resources to develop exploits for it."

Attacks like these have played out in similar messaging services like Apple's iMessage and Google Hangouts, according to Young. He offered up a few tips for organizations hoping to avoid an attack like WhatsApp suffered.

“Organizations concerned about such targeted attacks should be taking extra precautions to limit what data including emails, messages, and account credentials are stored on devices," Young said. "In some cases, it makes sense to have multiple devices for multiple purposes and to restrict the ability to bring phones to sensitive meetings or locations.”

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

  • OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

    According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3