WhatsHacked? WhatsApp compromised in cyber attack
If you’re one of the 1.5 billion people that use WhatsApp, you may have a problem.
That’s the advice from the Facebook owned platform, which is in damage control after a serious weakness in the app was discovered.
Israeli cyber intelligence firm, NSO Group, is accused of being the mastermind behind spyware that can gain access to the ‘encrypted’ app without user permission.
NSO has denied this accusation.
Whoever is behind the attack, it's not fantastic for users.
The vulnerability allows hackers to discretely install spyware through an infected call on the app, which affects all devices and operating systems. The malicious program is capable of trawling through call and text/message history and can activate the device camera and microphone at will.
To make matters worse, such activity isn’t reflected in activity logs, meaning users have no idea if or when they have been compromised. However, if you haven’t received any mysterious WhatsApp voice calls from unknown parties, you are likely in the clear.
It’s yet another blow to the concept of privacy in today’s world. If the world’s most ‘secure’ social media platform is so easily exploited, where is our information safe?
The number of users affected is unknown, but several victims, including a high profile UK-based human rights lawyer, have been embroiled in the breach.
What should you do?
Facebook has deployed a server-side update to help protect users against the spyware, but users are strongly advised to manually check for updates via Google Play or the App Store.
Aside from checking for updates, users can take the following steps.
- Disable backups
By now you’re likely familiar with end-to-end encryption – a proven form of secure communication that nullifies third parties from accessing data while it’s being transmitted between devices.
The catch however, is that if you opt to backup WhatsApp via Google drive or iCloud, you aren’t protected by end-to-end encryption.
Yes, that’s right, anyone with access to your cloud accounts can get hold of your entire WhatsApp activity log. It may be worth disabling cloud backups.
- Enable 2FA
Another step users can take is enabling two-factor authentication (2FA). It may seem simple, but it’s another layer of protection to ensure people who attempt to gain access to your account are legitimate.
To toggle your security settings on WhatsApp, go to settings > account > privacy.
If all else fails, you can always delete the app from your device and wait it out.
Short-term positions in small, early stage ASX companies,
with high potential and near term price catalysts.
Focusing on resource exploration, early-stage tech, and biotech.
Exceptional opportunities across a broad range of
early-stage growth sectors with strong management.
Seeking 1,000% plus returns across medium to long-term holds.
Longer-term positions in a variety of sectors.
Seeking strong management where traction is established and have entered into a growth phase.
S3 Consortium Pty Ltd (CAR No.433913) is a corporate authorised representative of LeMessurier Securities Pty Ltd (AFSL No. 296877). The information contained in this article is general information only. Any advice is general advice only. Neither your personal objectives, financial situation nor needs have been taken into consideration. Accordingly you should consider how appropriate the advice (if any) is to those objectives, financial situation and needs, before acting on the advice.
Conflict of Interest Notice
S3 Consortium Pty Ltd does and seeks to do business with companies featured in its articles. As a result, investors should be aware that the Firm may have a conflict of interest that could affect the objectivity of this article. Investors should consider this article as only a single factor in making any investment decision. The publishers of this article also wish to disclose that they may hold this stock in their portfolios and that any decision to purchase this stock should be done so after the purchaser has made their own inquires as to the validity of any information in this article.
The information contained in this article is current at the finalised date. The information contained in this article is based on sources reasonably considered to be reliable by S3 Consortium Pty Ltd, and available in the public domain. No “insider information” is ever sourced, disclosed or used by S3 Consortium.