WhatsHacked? WhatsApp compromised in cyber attack
If you’re one of the 1.5 billion people that use WhatsApp, you may have a problem.
That’s the advice from the Facebook owned platform, which is in damage control after a serious weakness in the app was discovered.
Israeli cyber intelligence firm, NSO Group, is accused of being the mastermind behind spyware that can gain access to the ‘encrypted’ app without user permission.
NSO has denied this accusation.
Whoever is behind the attack, it's not fantastic for users.
The vulnerability allows hackers to discretely install spyware through an infected call on the app, which affects all devices and operating systems. The malicious program is capable of trawling through call and text/message history and can activate the device camera and microphone at will.
To make matters worse, such activity isn’t reflected in activity logs, meaning users have no idea if or when they have been compromised. However, if you haven’t received any mysterious WhatsApp voice calls from unknown parties, you are likely in the clear.
It’s yet another blow to the concept of privacy in today’s world. If the world’s most ‘secure’ social media platform is so easily exploited, where is our information safe?
The number of users affected is unknown, but several victims, including a high profile UK-based human rights lawyer, have been embroiled in the breach.
What should you do?
Facebook has deployed a server-side update to help protect users against the spyware, but users are strongly advised to manually check for updates via Google Play or the App Store.
Aside from checking for updates, users can take the following steps.
- Disable backups
By now you’re likely familiar with end-to-end encryption – a proven form of secure communication that nullifies third parties from accessing data while it’s being transmitted between devices.
The catch however, is that if you opt to backup WhatsApp via Google drive or iCloud, you aren’t protected by end-to-end encryption.
Yes, that’s right, anyone with access to your cloud accounts can get hold of your entire WhatsApp activity log. It may be worth disabling cloud backups.
- Enable 2FA
Another step users can take is enabling two-factor authentication (2FA). It may seem simple, but it’s another layer of protection to ensure people who attempt to gain access to your account are legitimate.
To toggle your security settings on WhatsApp, go to settings > account > privacy.
If all else fails, you can always delete the app from your device and wait it out.