WhatsApp is one of the most ubiquitous and popular instant messenger apps these days, and it’s fair to say that there’s likely hundreds of thousands of people who have it installed on their smartphone and make frequent use of it. Well, no one’s about to tell you should stop doing so if you’re one of them, but it turns out that you may want to update it manually now - or perhaps even better delete and re-install it - due to recent developments that have just now gotten out into the media. Part of being a good Canadian web hosting provider is giving clients a heads up on such developments, and that describes 4GoodHosting to a tee if we may say so ourselves. Often times these sorts of things aren’t quite ‘newsworthy’ in that sense, but again considering how common WhatsApp is these days we decided to make it our topic for the week. Right then. So, despite encrypting every conversation and following best security practices, WhatsApp (which is owned by Facebook for those of you who care about those things) it seems has been the victim of a cyber attack. It recently announced that it found a vulnerability that was allowing shady types to infect WhatsApp users with spyware when they made - or even attempted to make - a call using the app. No Answer - No Problem Now most people aren’t ones to take notes of character and number chains, but it would seem this this WhatsApp vulnerability is going by CVE-2019-3568. What makes it especially noteworthy is that it allows attackers to infect the device, and have success doing so even if the user at the other end receiving the call didn’t answer it. The means by which these nefarious individuals did this was by exploiting a buffer overflow weakness in the app, one that enables them to hack into WhatsApp before doing the same on the device running the app. When asked about it, the security team at WhatsApp chose to refer to it as an ‘advanced cyber actor’ - a rare but very dangerous type of cyberattack. It is different from other malware attacks...
