WhatsApp, the popular messaging service owned by Facebook, has been targeted with a software vulnerability that allowed attackers to install spyware onto mobile devices. This vulnerability has also affected WhatsApp’s Business app – which is used by over 3 million businesses globally.
WhatsApp has encouraged all of its personal and business
users to update their app immediately via their mobile or desktop device app
The spyware was developed by Israeli Security firm ‘NSO Group,’ who managed to install surveillance software on a target device using the voice calling functionality of the app, according to the Financial Times.
WhatsApp have revealed this was due to a buffer overflow vulnerability in the WhatsApp VOIP stack that allowed remote code execution via a series of specially crafted SRTCP packets sent to a target phone number.
In layman’s terms, they devised a way to gain a backdoor into seeing all of a cellphone’s messages, contacts and call history by calling the device using WhatsApp. This vulnerability was used to attempt to hack the phone of a UK-based lawyer, involved in a high profile lawsuit.
In a statement, WhatsApp have now urged all their users to update the app in order to secure their devices. But what does this breach mean for businesses using WhatsApp as a communication tool?
WhatsApp and Business
WhatsApp have 1.5 billion users around the world. A staggering amount of global communication goes through WhatsApp, 65 billion WhatsApp messages are sent per day, or 29 million per minute. WhatsApp is also being increasingly used in business.
WhatsApp provides a way for employees to instantly
communicate, about work topics or otherwise. It helps employees who work
remotely get in touch with colleagues and can help make company communications more
WhatsApp have embraced this with ‘WhatsApp Business’, launched in January 2018. This app is free to use and allows companies to communicate with their customers instantly, automate responses to, deliver support and push out news and notifications. WhatsApp business is now being used by three million businesses around the world.
WhatsApp is even being used to make payments in India, with personal users and businesses being able to make and receive payments over the platform.
WhatsApp has built its reputation around the fact it’s messages are secured with end-to-end encryption which is untraceable by governments. This has meant it has become a popular method of communication for human rights groups, journalists, lawyers and even high-profile politicians in the UK to talk privately.
But this latest breach shows that the app is not as secure as
its reputation suggests, and businesses, professionals and organizations should
be wary of using the app for secure communications.
The security risks
While there are benefits for businesses using a platform like WhatsApp, they can pose multiple security risks.
This latest vulnerability has meant that attackers potentially
would have a backdoor into all of a business’s communications with their
customers. Even for the smallest business this could put financial and
sensitive personal information at risk.
Businesses using WhatsApp should be extremely vigilant about
what they are sending, as vulnerabilities like these could affect the service
at any time.
This latest vulnerability is just the latest in a long line
of security concerns with the WhatsApp service.
In 2015, WhatsApp was ranked last by the Electronic Frontier Foundation for it’s failure to protect its user’s data privacy.
WhatsApp’s parent company Facebook has also been plagued with security mishaps, and the company is planning to merge the software architecture. This has led to concerns over whether a software breach in Facebook or Instagram, will affect WhatsApp users.
What this means for WhatsApp Business users
The security concerns with using the WhatsApp service for sensitive
business communications means that users should be extremely vigilant when
using the platform.
You should always make sure you keep the app updated and use
anti-virus or endpoint protection products which scan for spyware
Remember that your messages may not be as secure as you
hope, so never reveal any personal or financial information over the app, even
to trusted contacts. For these types of conversations, use a more secure method
Following steps above are critical to keep you safe from cyber threats.
Companies using WhatsApp for internal communications may be interested in reading end user reviews of the top Mobile Data Security solutions.
If you’re interested in a more secure way to conduct business conversations than WhatsApp in the wake of this breach, check out reviews of the top Email Encryption platforms.
About Expert Insights:
Expert insights is an independent review platform for Cyber
Security services. They offer to readers detailed and meticulously researched
product information written by industry experts, and independent end user
reviews. This helps customers looking for cyber security services make an
informed buying decision.