May 15, 2019 — Dave Kostos
Backup and recoveryCybersecurityEndpoint protectionInnovations and technologiesIT channel insightsExecutive vision

WhatsApp users' phones hacked by sophisticated spyware attack

Cyber Protect Home Office

Earlier this week, Facebook revealed a vulnerability that exposes users to malware attacks on WhatsApp, its explosively popular encrypted messaging service. A simple call (whether answered or not) from attackers injects commercial-grade spyware onto both Android and iOS phones that can monitor the phone’s camera and microphone, scan emails and messages, and steal the user’s location data.

The Response from WhatsApp

Shortly after this vulnerability was identified, Facebook engineers raced to patch both their consumer and business apps and push out updated versions of the app to WhatsApp’s 1.5 billion users around the globe.

Their update patches this vulnerability, which affects the following versions of the app:

  • WhatsApp for Android prior to v2.19.134
  • WhatsApp Business for Android prior to v2.19.44
  • WhatsApp for iOS prior to v2.19.51
  • WhatsApp Business for iOS prior to v2.19.51
  • WhatsApp for Windows Phone prior to v2.18.348
  • WhatsApp for Tizen prior to v2.18.15

In a statement following the patch completion, WhatsApp encouraged all users to “upgrade to the latest version of [the] app” and “keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices.”

The team later announced that the nature of the attack had “all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.”

Sources close to the investigation allege that private company is NSO Group, an Israeli security software developer with solutions that enable intelligence and law enforcement agencies to remotely create, access, and extract data from a users’ device and environment. NSO Group has denied any involvement.

How to tell if your phone has been infected

Unfortunately, given the sophisticated nature of the spyware involved in this attack, there’s no easy way to know for sure if your data was stolen until it disappears or is used without your knowledge.

This illustrates how important it is to maintain backups of all your mobile data and to set up alerts on your most important data stores – banking information, passwords, email tools, and more.

If you already have backups of your mobile device data and are concerned that this WhatsApp attack has infected your device, failing back to an older image of your device is a good way to eliminate the threat of spyware. Similarly, keep an eye out for notifications of unexpected behavior without your authorization if you have alerts set up with your most important apps and act quickly, should they arise.

Three ways to minimize this threat moving forward

  1. Update your phone’s operating system and applications to the latest versions. The best way to ensure your phone and applications are protected against cyberthreats is by updating whenever the newest versions are available. Yes, this can be annoying, but it also ensures that any security gaps are patched and your data is kept safe.
  2. Restrict the access your applications have within your phone. Apps like WhatsApp integrate with many other apps and data storage features on your phone – including your contacts, photos, videos, and calendar. While this increases how useful the app is for your day-to-day use, it can give a malware attack on one app easier access to information stored by other apps.
  3. Back up your mobile devices with secure, encrypted data backups. Acronis True Image for consumers and Acronis Backup for business users deliver the world’s most secure backup for any platform, including mobile. With these cyber protection measures in place, you can recover any personal and business data lost to accidents or malicious attacks.

More from Acronis