TechAdvisory.org

Technology Advice for Small Businesses

Bug in WhatsApp leaves users exposed

Security_Oct2_BPopular mobile instant messaging app WhatsApp was at the center of a recent security breach which saw the information of as many as 200 million users potentially exposed to the mercy of hackers and malware. The threat, which affected the recently launched web-based version of WhatsApp, was detected by an IT security firm in Israel and patched up before news of it became public. Yet it serves as a reminder to remain vigilant when using web and mobile apps, whether for business or pleasure. Here’s what you need to know.

The web-based version of the WhatsApp app was only launched a few months back, initially for WhatsApp accounts on Android and Windows Phone devices and later for those on iPhones, but has already grown in popularity. The recent security vulnerability related to vCards, electronic business cards shared by WhatsApp users, and effectively amounted to a kind of phishing.

An error in the WhatsApp web client meant that less-than-innocuous vCard business cards created by hackers were not properly filtered out by the app. As a result, these phishing-style cards made it through to users who, if they clicked them, were at risk of the cards converting themselves to more harmful executable scripts once downloaded – and potentially accessing and playing foul with users’ personal data. There are even reports of a ransomware approach being taken by hackers in this case, with attempts being made to extort cash from WhatsApp users in exchange for restored access to their infected devices and hijacked data.

WhatsApp put a fix in place, by releasing an updated version of the app, prior to making public news of the security vulnerability. It’s worth making sure you have the latest version of WhatsApp installed on your phone, if you haven’t checked recently – WhatsApp’s phone and web versions are linked to one another, so ensuring you are up-to-date on your phone is the way to ensure you’re safe when using the web client too. The patch is also available directly through the web client, though this won’t update your phone’s version of the app at the same time.

The whole affair also serves as a timely reminder that it pays to be vigilant when it comes to using WhatsApp and other instant messaging platforms – including email. Avoid opening links or downloading files that you’re not expecting to receive, and proceed with caution even if you were anticipating them. It’s better to double check with the sender that they’re consciously passing a file to you, and that they’re fully aware of its contents, than to wait until your device has been infected and damage has potentially been inflicted on your vital data.

Want to learn how to keep your devices safe from phishing attempts and other potential security vulnerabilities? Give us a call and let us equip you with tamperproof solutions.