WhatsApp Fixes Major Voice Call Vulnerability That Left 1.5 Bn Users At Risk

WhatsApp Fixes Major Voice Call Vulnerability That Left 1.5 Bn Users At Risk

SUMMARY

The WhatsApp vulnerability allowed attackers to inject spyware on phones through voice calls

The spyware was reportedly developed by Israeli cyber surveillance company NSO Group

WhatsApp has asked all its users to update the app to the latest version

Facebook-owned chat messaging service WhatsApp has fixed a massive data vulnerability that left its over 1.5 Bn users at risk from malicious spyware. The data vulnerability which could have led to breaches and unauthorised malware installation has seemingly been present on WhatsApp for a number of years.

The bug was first reported by the Financial Times, which said that the vulnerability allowed attackers to inject spyware on phones with WhatsApp by using the app’s voice call function. The attack allowed hackers to surreptitiously install apps in the background during a voice call.

The report added that the spyware was developed by Israeli cyber surveillance company NSO Group. However, in a statement, NSO said its technology is licensed to authorised government agencies “for the sole purpose of fighting crime and terror”. The company added that it does not operate the system itself and also has a rigorous licensing and vetting process.

“We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system. Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” NSO was quoted as saying.

Spyware Installed During Voice Calls

The malicious spyware affected WhatsApp on both Android and iOS. However, the extent of the damage couldn’t be ascertained even though WhatsApp claimed that it fixed the issue within 10 days. However, considering that voice calling has been around on WhatsApp since 2014, the vulnerability could have already been exploited in the real world.

The company claimed its engineers worked around the clock in San Francisco and London to plug the vulnerability. Further, WhatsApp also started to roll out a fix last week and issued a patch for customers yesterday (May 13, 2019). It has urged all customers and users to update to the most recent version of the app through Google Play or Apple App Store.

A WhatsApp spokesperson said, “WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices.”

WhatsApp Investigating The Data Breach

WhatsApp disclosed the issue to the US Department of Justice last week. Further, it also informed its lead regulator in the European Union, Ireland’s Data Protection Commission (DPC), of a “serious security vulnerability” on its platform.

In a statement, the body said, “The DPC understands that the vulnerability may have enabled a malicious actor to install unauthorized software and gain access to personal data on devices which have WhatsApp installed.” It added that it’s actively engaging with WhatsApp Ireland to determine the extent of damage.

Even though the impact of vulnerability remains unclear, it’s not the best time for Facebook to be dealing with another major data controversy. After more than one year of continued data breaches and data concerns on a global level around its main social media platform, this is Facebook’s biggest security gaffe around WhatsApp.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
Unlock 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
Unlock 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

WhatsApp Fixes Major Voice Call Vulnerability That Left 1.5 Bn Users At Risk-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

WhatsApp Fixes Major Voice Call Vulnerability That Left 1.5 Bn Users At Risk-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

WhatsApp Fixes Major Voice Call Vulnerability That Left 1.5 Bn Users At Risk-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

WhatsApp Fixes Major Voice Call Vulnerability That Left 1.5 Bn Users At Risk-Inc42 Media
WhatsApp Fixes Major Voice Call Vulnerability That Left 1.5 Bn Users At Risk-Inc42 Media
You’re in Good company