By Eva Galperin
If you are one of WhatsApp’s billion-plus users, you may have read that on Monday the company announced that it had found a vulnerability. This vulnerability allowed an attacker to remotely upload malicious code onto a phone by sending packets of data that look like phone calls from a number not in your contacts list. These repeated calls then cause WhatsApp to crash. This is a particularly scary vulnerability because the does not require that the user pick up the phone, click a link, enter their login credentials, or interact in any way.
Fortunately, the company fixed the vulnerability on the server side over the weekend and rolled out a patch for the client side on Monday.
What does that mean for you? First and foremost, it means today is a good day to make sure that you are running the latest version of WhatsApp. Until you update your software, your phone may still be vulnerable to this exploit.
Are you likely to have been targeted by this exploit? Facebook (which owns WhatsApp) has not indicated that they know how many people have been targeted by this vulnerability, but they have attributed its use to an Israeli security company, NSO Group, which has long claimed to be able to install its software by sending a single text message. The exploit market pays top-dollar for “zero-click install” vulnerabilities in the latest versions of popular applications. It is not so remarkable that such capabilities exist, but it is remarkable that WhatsApp’s security team found and patched the vulnerability.
Declare Your Independence!
Profit outside the rigged system! Protect yourself from tyranny and economic collapse. Learn to live free and spread peace!
Counter Markets Newsletter – Trends & Strategies for Maximum Freedom