WhatsApp spyware vulnerability

WhatsApp is one of the most popular applications offering encrypted messaging to billions of its users. In early May a vulnerability was discovered in WhatsApp, allowing the injection of commercial spyware into Android and iOS phones by simply calling the target. The spyware, developed by Israel’s secretive NSO group, can be installed without trace and without the target answering the call. Once installed, the spyware can turn on a phone’s camera and microphone, scan emails and messages, and collect the user’s location data.

How to secure company data?

Zero-day attacks such as this, are a threat for any device and any application. In corporate environments, IT administrators have to react fast. Having a mature Mobile Device Management solution in place can mitigate the impact. Administrators can control installation of applications through the use of Black and White lists and are able to manage updates and downloads dynamically. In an event of a breach, users can be informed of the threat and given instructions via message notifications.

“We should keep in mind, that the fewer the applications on your smartphone, the fewer the potential areas for exploitation by hackers. It is worth taking this into account, and to limit applications, to those that are deemed necessary” – says Piotr Kudrys, Product Manager at the Proget Software

The security vulnerability was quickly addressed by Facebook – WhatsApp’s owner, but there could still be users which may not have applied the update. Proget recommends temporarily locking the application or at minimum, notifying all users of WhatsApp about the need to update. Proget customers using separate business containers or fully work managed devices are secure. If WhatsApp is not installed in the business container, corporate data is secured.

Sources:
Business Insider
The Guardian

You can receive the access to full functionality of Proget solution by completing the free trial application form HERE.