Whatsapp's Spyware Problem

WhatsApp is one of the most used applications in the world. It is used by more than 1.5 billion people worldwide, across various devices. WhatsApp's default end-to-end encryption is one of Facebook's biggest security assets, however, that was not enough to stop the app when attacked. 

Facebook recently found out that a cyber attack has exposed a weakness in WhatsApp, that is used by billions of people around the world. In early May, engineers of the application found out that there was a flaw in the software in the audio call function. One of the great additions to WhatsApp in recent years is the ability for users to make audio calls at will. However, with the latest security lapse, this meant that phone calls made to both Android and iPhone versions of WhatsApp could allow malware to be installed. 

The malware in question conducts surveillance on a user’s behaviour, this is also known as ‘Spyware’. Any app which has been designed is likely to face hiccups along the way, however, in this case, it is particularly alarming as the security flaw has been exploited and used as surveillance, putting billions of users at risk. A WhatsApp person believes the government may have something to do with it. They said: “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems”. They went on to add: “We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society”.

At this stage, it is not quite clear how many users may have been affected by this, however, WhatsApp is calling for users to update the app as soon as possible, to lessen the chances of being affected. Facebook has released an updated version of its app for Android and iOS. This will stop the attack from being run as well as disable it if it has already been executed. The company says Android versions of its app before v2.19.134 were impacted and iOS versions before v2.19.51 could be exploited. The attack also worked on Windows Phone and Tizen versions of WhatsApp.

For more details on how users can update WhatsApp on their respective devices, they can visit the app store. Users can also take precautions whilst using the application; for example, WhatsApp gives the option of allowing conversation back-ups to the cloud service of your choice – iCloud and Google Drive are options. It's also possible to use two-factor authentication on WhatsApp. Turning this setting on will require you to enter a verification code, which is set by the user before you can access chats in WhatsApp. Although it won't stop spyware from getting at the information on your device, two-factor authentication can help to stop your WhatsApp chats being accessed if your phone happens to be lost or stolen.