May 16, 2019 | 6 min read
WhatsApp Hack: How to Protect Your Data
Earlier this week, WhatsApp, a popular messenger, stole the limelight when the public learned about the app’s crucial security vulnerability. This flaw allowed attackers to stealthily inject spyware into phones of WhatsApp users.
In early May, WhatsApp, a Facebook-owned company, discovered a loophole that allowed cybercriminals to install eavesdropping malware onto users’ phones. This malware could be injected through a single WhatsApp call, even if the user did not answer it. Upon injection, the spyware was able to access a camera and microphone, open messages, capture screen images, and log keystrokes.
On May 14, WhatsApp released the latest version of the app containing a fix to the vulnerability and urged users to upgrade their messengers.
It is believed that the attack was targeted at a London lawyer who has been involved in lawsuits on behalf of journalists and activists from Saudi Arabia, Qatar, and Mexico. It is not unlikely that WhatsApp hack was aimed at other human rights advocates as well.
The malicious program used for the attack is called Pegasus. It was developed by an Israeli company NSO Group. However, the company denies that it was using Pegasus for the attack. "NSO's technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror. . . . NSO would not or could not use its technology in its own right to target any person or organisation," the company commented.
Who is affected?
Despite this attack being highly-targeted, the specific number of its victims can’t be defined. This WhatsApp vulnerability could potentially affect any of its 1.5 billion users worldwide. Notably, all kinds of phones with major mobile operating systems and WhatsApp or WhatsApp Business installed are at risk, according to Facebook.
Those who received WhatsApp calls from strangers should be especially vigilant. However, there’s evidence that such calls often disappeared from the call history, so it’s extremely hard for the victims to trace them.
How can I protect my data?
If you used to have WhatsApp installed on your device, make sure that you have updated to the latest version. This is how to do it:
On an iPhone or another iOS device:
- go to the App Store
- select “Updates”
- find "WhatsApp" and tap “Update”
The latest version of WhatsApp on iOS is 2.19.51.
On an Android device:
- go to the Google Play Store
- go to the menu in the upper-left corner
- select "My apps & games"
- find "WhatsApp" and tap “Update”
The latest version of WhatsApp on Android is 2.19.134.
Can I avoid similar risks with other messaging apps?
Unfortunately, no one can be 100% immune from future security attacks targeting messengers or other apps. For example, in 2017, Facebook Messenger was attacked with a virus. “No messenger service or app is secured against the discovery of new vulnerabilities,” says Oleh Shpyrna, Security Researcher at the MacKeeper Anti-Malware Lab.
Incidentally, WhatsApp was called one of the most secure messaging apps by TechRadar and TechWorld. If this recent concern has you second-guessing WhatsApp, you can try out some other apps listed in their reviews, such as Signal or Telegram. However, you’ll also need to convince all your contacts to switch to these apps or set up all your contacts again.
Whichever app you choose for communication, be sure to follow these recommendations from the MacKeeper Anti-Malware Lab:
- install apps only from trusted sources
- review your privacy settings for every app you’ve installed, and check the access permissions it requests
- update applications regularly or turn on automatic updates