Get Started

Best Parental Control Solution for Your Family Devices

Start Free Trial

What’s Up With WhatsApp? - Security Woes & More

PRITHIV on May 24, 2019

Whatsapp Logo

NOTE: BEFORE READING THIS ARTICLE, PLEASE UPDATE WHATSAPP. WE’LL WAIT!

Given WhatsApp’s much vaunted end-to-end encryption one might assume that it’s a reasonably safe platform to share private information on. Other than choosing the recipient of the communication carefully, it has always appeared that there’s not much risk of leaks when using this direct messaging service to keep in touch - or to share our live location, our innermost thoughts, even occasionally our financial information.

However, with latest news coming out of Israel, we now understand that WhatsApp’s encryption is not a guarantee against lapses.

First reported by The Financial Times, a surveillance software was inserted on targeted smartphones through a vulnerability on WhatsApp calls. The hack, the British newspaper reported, would allow the hacker to work around WhatsApp’s encryption and read messages.

On Sunday, a UK-based human rights lawyer was allegedly attacked by Pegasus (a spyware) and repulsed by WhatsApp. However, it is unclear how many, if any, other WhatsApp users were successfully attacked by Pegasus. According to the BBC, WhatsApp has acknowledged that the hack occurred and that a ‘select number of users’ were targeted. “Once installed, the spyware can turn on a phone’s camera and mic, scan emails and messages, and collect the user’s location data,” according to The Verge.

With a single WhatsApp call, the spyware can be installed without a trace. What makes it worse is that the spyware can be installed even if the target does not answer the call. More disturbingly, the missed call often disappears from the call logs. As a result, the victim may not know that they were targeted at all.

The Financial Times added that: “Within minutes of the missed call, the phone starts revealing its encrypted content, mirrored on a computer screen halfway across the world. It then transmits back the most intimate details such as private messages or location, and even turns on the camera and microphone to live-stream meetings.”

Hackers infiltrated a still unknown number of phones using a malicious spyware called Pegasus. This code, once installed, can pretty much access any information on your phone, encrypted or otherwise. Pegasus is used to gain remote access to smartphones, and has been used by governments to snoop on journalists. According to WhatsApp: “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.” This is typically expected to imply the NSO Group, the company that developed Pegasus in the first place. Though the NSO Group claims to sell spyware to governments to help fight crime and terror, the most charitable reading must admit that its spyware lends itself to abuse by governments of questionable morality. 

The NSO Group has largely operated under the radar before 2016. While they have built up a formidable reputation on the back of their ability to break through Apple’s rigorous privacy and security measures, last week’s attack shows that WhatsApp is a new target. “We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society,” WhatsApp said in a statement.

This was a zero-day vulnerability (discovered by developers after the attack, resulting in zero days to fix the issue). WhatsApp has already resolved the issue with the latest version rolled out, and urges its users around the world to update their apps.

The BBC reported that “journalists, lawyers, activists and human rights defenders”, most specifically human rights lawyers, were the most likely targets of this weekend’s attack. However, all WhatsApp users who are not using the latest version of the app could be vulnerable. Please therefore update your app today.

This particular hack has, in all probability, not impacted your phone (unless you are a human rights activist, politician, journalist or lawyer). This attack seems to have targeted major players around the world. However, the attack has revealed vulnerabilities in WhatsApp's systems.

If you are still using any of these versions of WhatsApp, please update right away to the latest version.

  • WhatsApp for Android prior to v2.19.134

  • WhatsApp Business for Android prior to v2.19.44

  • WhatsApp for iOS prior to v2.19.51

  • WhatsApp Business for iOS prior to v2.19.51

  • WhatsApp for Windows Phone prior to v2.18.348

  • WhatsApp for Tizen prior to v2.18.15

Malware of any kind is dangerous to all of us. Keep yourself up-to-date and informed, and take all due action to protect your data and your privacy. Stay safe!

 

Writing credit: Authored by Prithiv, a Mobicip researcher who writes about the effects of technology on health and well-being.

Keep in touch with the latest on parenting, technology and education. Subscribe to the Mobicip newsletter. Learn more at www.mobicip.com.

Recent Blogs

Everything Parents Need To Know About Omegle

Do you fancy talking to strangers? Do you like to socialize with people who are completely unknown to you, probably from the other side of the world? There’s a possibility that you are saying yes; why not right? But would you be okay with your twelve year old chatting with a complete stranger? Needl

Parental Controls in Times of Pandemic-Induced Digital Overload

Extraordinary times call for extraordinary measures.  No event in the near past has called for more extraordinary measures, than the enigmatic Covid-19 virus that has, apart from shattering lives and livelihoods, torn the fabric of normalcy in every walk of life.The difference between the current si

Ways in Which You Can Keep Your Children Engaged and Informed

In this unsettled and uncertain time, we are hopeful that you and your loved ones are safe. As the international community continues to monitor the rapidly evolving situation around COVID-19 and maintains essential operations, our primary concern is the safety and well-being of everyone affected by

Social Media Platforms Are Doing Away With "Likes"

The advent of social media has drastically changed the way people live in the modern world. Social media is only about a decade old, but it feels like longer - the impact it has made has been unprecedented.Social media has changed the culture and the way we live, for each generation from the Milleni

Here’s How Kids Bypass Apple’s Parental Control Tools

Early last year, Apple came up with a new page on its website addressing families about how safe their product is for children. With an intriguing headline - ‘You want to do what’s best for your family. So do we.’ - Apple’s new page implored parents to utilize the various tools that ensured their ch