A serious hack hit WhatsApp
A security flaw in WhatsApp’s audio calling feature let hackers install spyware on iPhones and Androids. The attack is expected to have a limited reach but you should update WhatsApp straight away WhatsApp’s default end-to-end encryption is one of Facebook’s biggest security assets – but even this doesn’t help when the app itself is attacked. Mark Zuckerberg’s company has found a sophisticated cyberattack has been used to exploit a weakness in the messaging app that’s used by more than 1.5 billion people worldwide.
In early May security engineers at the company found a software flaw in the audio call function of WhatsApp. The issue meant that phone calls made to both Android and iPhone versions of WhatsApp could allow malicious software, which conducts surveillance on a user’s behaviour, to be installed. Bugs in the coding of software crop up all the time, but this is different.
What makes this case particularly alarming is WhatsApp believes it is more than just some problematic language within its app. The security vulnerability appears to have been actively exploited and used as a method of surveillance. However, installing spyware on phones is highly intrusive and even if it was successful in a small number of cases it is likely to have provided an attacker with huge amounts of information.
Spyware software can record and access everything that is done on a mobile phone, before sending the data back to the attacker. Because spyware operates on a handset, it is able to see the end-to-end encrypted messages, such as those sent through WhatsApp, as it has direct access to what is happening on the device.