WhatsApp urges users to upgrade app after security
breach
Send a link to a friend
 [May 14, 2019]
By Steven Scheer
JERUSALEM (Reuters) - Facebook's WhatsApp
urged users to upgrade to the latest version of its popular messaging
app after reporting that users might be vulnerable to having malicious
spyware installed on phones without their knowledge.
WhatsApp, one of the most popular messaging tools, is used by 1.5
billion people monthly and it has touted its high level of security and
privacy, with messages on its platform being encrypted end to end.
"WhatsApp encourages people to upgrade to the latest version of our app,
as well as keep their mobile operating system up to date, to protect
against potential targeted exploits designed to compromise information
stored on mobile devices," a spokesman said.
"We are constantly working alongside industry partners to provide the
latest security enhancements to help protect our users," he said.
WhatsApp did not elaborate further.
WhatsApp informed its lead regulator in the European Union, Ireland's
Data Protection Commission (DPC), of a "serious security vulnerability"
on its platform.
"The DPC understands that the vulnerability may have enabled a malicious
actor to install unauthorized software and gain access to personal data
on devices which have WhatsApp installed," the regulator said in a
statement.
"WhatsApp are still investigating as to whether any WhatsApp EU user
data has been affected as a result of this incident," the DPC said,
adding that WhatsApp informed it of the incident late on Monday.
INCOMING CALL
Earlier, the Financial Times (FT) reported that a vulnerability in
WhatsApp allowed attackers to inject spyware on phones by ringing up
targets using the app's phone call function.
It said the spyware was developed by Israeli cyber surveillance company
NSO Group and affects both Android and iPhones. The FT said WhatsApp
could not yet give an estimate for how many phones were targeted.
[to top of second column] |
WhatsApp and Facebook messenger icons are seen on an iPhone in
Manchester , Britain March 27, 2017. REUTERS/Phil Noble/File Photo
The FT reported that teams of engineers had worked around the clock in San
Francisco and London to close the vulnerability and it began rolling out a fix
to its servers on Friday last week and issued a patch for customers on Monday.
Asked about the report, NSO said its technology is licensed to authorized
government agencies "for the sole purpose of fighting crime and terror," and
that it does not operate the system itself while having a rigorous licensing and
vetting process.
"We investigate any credible allegations of misuse and if necessary, we take
action, including shutting down the system. Under no circumstances would NSO be
involved in the operating or identifying of targets of its technology, which is
solely operated by intelligence and law enforcement agencies," the company said.
WhatsApp disclosed the issue to the US Department of Justice last week, the FT
said.
Social media giant Facebook bought WhatsApp in 2014 for $19 billion.
Facebook co-founder Chris Hughes last week wrote in The New York Times that
fellow co-founder Mark Zuckerberg had far too much influence by controlling
Facebook, Instagram and WhatsApp, three core communications platforms, and
called for the company to be broken up.
(Additional reporting by Ari Rabinovitch, Tamara Mathias and Padraic Halpin;
Editing by Louise Heavens/Keith Weir)
[© 2019 Thomson Reuters. All rights
reserved.] Copyright 2019 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
 |
