Subscribe
  • Home
  • /
  • Internet
  • /
  • WhatsApp users fail to update app after last week's breach

WhatsApp users fail to update app after last week's breach

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 20 May 2019
Oded Vanunu, head of product vulnerability research at Check Point.
Oded Vanunu, head of product vulnerability research at Check Point.

A concerning number of WhatsApp users have not updated their apps following the announcement last week that hackers could remotely install spyware on phones to gain full remote access to the infected devices.

ITWeb Security Summit 2019

Eight international keynote speakers are heading to SA to join the local experts and share insights with SA's cyber security community. We have Graham Cluley, independent computer security expert and public speaker; Ofir Hason, CEO and co-founder of CyberGym; and Pete Herzog, MD of the Institute for Security and Open Methodologies. To find out more and to register, click here.

Wandera, a company that specialises in smartphone security, reported that 80% of iOS devices were not updated, and 55% of Android devices remained vulnerable. Wandera has over one million devices under its management, 30% of which have WhatsApp installed, meaning it can see whether some 300 000 devices have updated their application to patch the security flaw.

Oded Vanunu, head of product vulnerability research at Check Point, says the hack is actively being used to inject spyware into victims' phones.

"The vulnerability, identified as CVE-2019-3568, can be exploited to install the spyware and steal data from a targeted Android phone or iPhone by placing specially crafted VOIP calls to victims."

He says no user interaction is required for the attack to succeed. "The spyware operates stealthily, by erasing incoming call information from the call logs, so that the victim is unaware of the intrusion."

Act before it's too late

Vanunu says it is difficult to predict what the fallout of this hack could be, but says if this spyware is merely detected after it has infected the device, it is too late.

"It is critical to ensure the attack is prevented before it actually infects the mobile device, and unfortunately, many businesses do not have adequate mobile security in place."

Mobile devices are the backdoor to network breaches, exposing sensitive corporate data to risk, says Vanunu. "Therefore, businesses need to consider using an advanced threat prevention product for all mobile devices, to protect them from zero-day malware, phishing on all apps, blocking devices from sending data to botnets and preventing infected devices from accessing corporate apps."

Paul Ducklin, senior technologist at Sophos, agrees, adding it is crucial to get the latest WhatsApp software update. "The bug has made huge news worldwide, so there are bound to be cyber crooks all over the world who are digging into this right now, and looking for ways to cash in."

He says there appears to be very few people that have actually been attacked using the existing exploit code.

However, this is about more than WhatsApp, says Ducklin. "This is just one, high-profile version of the sort of security bug that regularly gets fixed by other app vendors, and even by operating system makers like Microsoft, Google and Apple.

"So, don't make this just a one-off thing that you do because of the WhatsApp scare," he advises "Keeping your phone and your apps updated is important. Most software has bugs, some of which can be abused by cyber criminals. When a fix comes out, if you don't apply it, you're one of the low-hanging fruit that the crooks are going to go after next."

Sophos offers some recommendations for businesses:

  • Don't install or keep apps that are not going to be used. Less is more.
  • Get patches and security updates as soon as possible. Do not patch only when big stories like the WhatsApp one come out. Once bugs become well-known, expect them to be tried and tested by more and more crooks against more and more people, so do not be a cyber security straggler.
  • Use an anti-virus on the phone to watch out for rogue apps and connections to rogue Web sites.
  • Use a mobile control product to keep track of what apps users have, and whether they are up to date.

Share