Call us on 03450 21 21 51

What’s up with WhatsApp?
The SRM Blog

What’s up with WhatsApp?

Julia Wailes-Fairbairn

Written by Julia Wailes-Fairbairn

15th May 2019

Share this article

What's up with WhatsApp

Despite its end-to-end encryption, WhatsApp was found to be vulnerable to a precisely targeted attack earlier this month. But as the news emerges, we should not necessarily focus on this specific threat, which is unlikely to affect the vast majority of the app’s 1.5bn users worldwide. Instead, we should use this as a timely reminder that there is risk associated with all the applications we use and ensure that any applications which send and receive data are kept up-to-date and patched.

That’s because malicious hackers will always seek to develop new ways of exploiting vulnerabilities. In the context of the WannaCry attack, which on 12th May 2017 encrypted thousands of systems in a matter of hours across more than 150 countries, this attack has a much smaller reach, being very precisely targeted at a number of specific individuals.

What is alarming is that although WhatsApp has long been considered one of the more secure means of communication, what the company describes as ‘an advanced cyber actor’ has discovered a vulnerability into which commercial spyware can be injected. Reportedly developed by Israel’s secretive NSO group, this spyware gains access through a simple telephone call, even if that call is not answered. Once installed, the spyware can turn on a phone’s camera and microphone, scan emails and messages, and collect the user’s location data.

This shows yet another evolution in the development of cyberattacks. And this process of evolution continues to morph and shape new threats. For example, two years on from the neutralisation of WannaCry there are new variants in existence which continue to infect systems globally.

Thankfully WhatsApp has swiftly released a patch for this vulnerability and urges all users to update their version of WhatsApp to include this. Which brings us back to the main point of this article. The app providers are working quickly and effectively to identify and block any potential threats. But unless we ensure that apps are up-to-date and patched when required, we will not be protected.

From a business perspective, SRM often sees WhatsApp being utilised as a tool for an ever increasingly mobile workforce. So in addition to regular patching, vulnerability checks and network penetration testing of your systems, it’s also worth considering if all of your policies, processes and training encompass all of your exposure points.

To discuss any aspect of your information security, call +44 (0) 3450 21 21 51.

Or visit our website.

Follow us on Linkedin.

Or read our blog:

It’s not a Dark Art: how we demystify cyber security

Business Continuity – what we can all learn from the NHS response to WannaCry

PCI DSS compliance is like a car maintenance: not just an annual event

Back to top