An urgent app update has been released by WhatsApp today and users are being urged to install it immediately. The update patches a serious security flaw that allows hackers to install ‘surveillance software’ on your mobile phone.
Incredibly advanced malware
According to the WhatsApp security team, testing shows that the malware is actually an extremely advanced security toolkit of the type used by government intelligence agencies. Using a zero-day exploit, hackers have been able to install monitoring software without the phone owner realising there was a problem.
WhatsApp have not released many details about the malware, but it appears that a security flaw meant that the install could be completed without any action by the phone’s owner. All the hackers had to do was ring the target phone using WhatsApp’s calling feature – the victim didn’t even have to answer the call. The malware would also delete any missed call messages, so the victim had no idea they had been compromised.
No apps are totally secure
WhatsApp is designed to be secure. The app uses end-to-end encryption to protect messages, for instance: if a hacker tries to intercept a message in transit, they won’t be able to read the text. Only the sender and recipient can decrypt and read the messages.
But by gaining access to a victim’s phone, the hackers are able to read both the address book and any messages sent and received, because the compromised smartphone itself performs all of the necessary decryption.
WhatsApp have been clear that only a small number of people have been hacked using this new malware – most probably by a nation state spying on political enemies. However, the same ‘hole’ that allows malware installation is present on every phone running WhatsApp – so you may become a victim at a later date.
To avoid a breach, you must install the WhatsApp update as soon as possible. This will immediately close the loophole that is being exploited by hackers.
If you have not already done so, you should also install an antivirus tool on your smartphone. Panda’s Antivirus for Android, for instance, will scan your phone for known privacy issues, allowing you to patch security issues and to uninstall suspicious or risky apps. And the premium service offers a secure VPN connection to block unknown connections, reducing the risk of a malware infection – and filtering out unwanted ads too.
WhatsApp has earned its reputation for security, and the way in which they have approached this breach has been responsible and responsive. There have been concerns about how the service will change since Facebook took over, but the introduction of malware is entirely different to internal data harvesting operations. But as WhatsApp hits the headlines again, it may be time to re-evaluate which secure messaging app you use in future.