Next Investors logo grey

WhatsHacked? WhatsApp compromised in cyber attack

Published 15-MAY-2019 12:55 P.M.


2 minute read

Hey! Looks like you have stumbled on the section of our website where we have archived articles from our old business model.

In 2019 the original founding team returned to run Next Investors, we changed our business model to only write about stocks we carefully research and are invested in for the long term.

The below articles were written under our previous business model. We have kept these articles online here for your reference.

Our new mission is to build a high performing ASX micro cap investment portfolio and share our research, analysis and investment strategy with our readers.

Click Here to View Latest Articles

If you’re one of the 1.5 billion people that use WhatsApp, you may have a problem.

That’s the advice from the Facebook owned platform, which is in damage control after a serious weakness in the app was discovered.

Israeli cyber intelligence firm, NSO Group, is accused of being the mastermind behind spyware that can gain access to the ‘encrypted’ app without user permission.

NSO has denied this accusation.

Whoever is behind the attack, it's not fantastic for users.

The vulnerability allows hackers to discretely install spyware through an infected call on the app, which affects all devices and operating systems. The malicious program is capable of trawling through call and text/message history and can activate the device camera and microphone at will.

To make matters worse, such activity isn’t reflected in activity logs, meaning users have no idea if or when they have been compromised. However, if you haven’t received any mysterious WhatsApp voice calls from unknown parties, you are likely in the clear.

It’s yet another blow to the concept of privacy in today’s world. If the world’s most ‘secure’ social media platform is so easily exploited, where is our information safe?

The number of users affected is unknown, but several victims, including a high profile UK-based human rights lawyer, have been embroiled in the breach.

What should you do?

Facebook has deployed a server-side update to help protect users against the spyware, but users are strongly advised to manually check for updates via Google Play or the App Store.

Aside from checking for updates, users can take the following steps.

  • Disable backups

By now you’re likely familiar with end-to-end encryption – a proven form of secure communication that nullifies third parties from accessing data while it’s being transmitted between devices.

The catch however, is that if you opt to backup WhatsApp via Google drive or iCloud, you aren’t protected by end-to-end encryption.

Yes, that’s right, anyone with access to your cloud accounts can get hold of your entire WhatsApp activity log. It may be worth disabling cloud backups.

  • Enable 2FA

Another step users can take is enabling two-factor authentication (2FA). It may seem simple, but it’s another layer of protection to ensure people who attempt to gain access to your account are legitimate.

To toggle your security settings on WhatsApp, go to settings > account > privacy.

If all else fails, you can always delete the app from your device and wait it out.

General Information Only

S3 Consortium Pty Ltd (S3, ‘we’, ‘us’, ‘our’) (CAR No. 433913) is a corporate authorised representative of LeMessurier Securities Pty Ltd (AFSL No. 296877). The information contained in this article is general information and is for informational purposes only. Any advice is general advice only. Any advice contained in this article does not constitute personal advice and S3 has not taken into consideration your personal objectives, financial situation or needs. Please seek your own independent professional advice before making any financial investment decision. Those persons acting upon information contained in this article do so entirely at their own risk.

Conflicts of Interest Notice

S3 and its associated entities may hold investments in companies featured in its articles, including through being paid in the securities of the companies we provide commentary on. We disclose the securities held in relation to a particular company that we provide commentary on. Refer to our Disclosure Policy for information on our self-imposed trading blackouts, hold conditions and de-risking (sell conditions) which seek to mitigate against any potential conflicts of interest.

Publication Notice and Disclaimer

The information contained in this article is current as at the publication date. At the time of publishing, the information contained in this article is based on sources which are available in the public domain that we consider to be reliable, and our own analysis of those sources. The views of the author may not reflect the views of the AFSL holder. Any decision by you to purchase securities in the companies featured in this article should be done so after you have sought your own independent professional advice regarding this information and made your own inquiries as to the validity of any information in this article.

Any forward-looking statements contained in this article are not guarantees or predictions of future performance, and involve known and unknown risks, uncertainties and other factors, many of which are beyond our control, and which may cause actual results or performance of companies featured to differ materially from those expressed in the statements contained in this article. S3 cannot and does not give any assurance that the results or performance expressed or implied by any forward-looking statements contained in this article will actually occur and readers are cautioned not to put undue reliance on forward-looking statements.

This article may include references to our past investing performance. Past performance is not a reliable indicator of our future investing performance.