WhatsApp suffers a major IT security breach

The Facebook-owned company, WhatsApp, confirmed an IT security breach was discovered earlier this month. This is surprising news due to one of WhatsApp’s main selling points has always been its emphasis on safe and secure communications. The breach involved surveillance software getting installed on phones using the WhatsApp program.

According to its website, the strength of its IT security is found in its end-to-end encryption protocols. The end-to-end protection works like a lock and key system that only allows the user and the end recipient to clearly see the communication.
Both ends are allowed access through an encoded connection which consists of a unique encryption code for every message sent and received. The confirmed breach involved surveillance software that managed to get installed on phones using a flaw in the messaging app’s call capabilities.

The surveillance software involved was reported developed by the NSO Group. This group is known for selling cyber tools to governments to assist with fighting terrorism.

How was the WhatsApp’s security breach possible?

The IT security issue was found in the WhatsApp’s VOIP (voice over internet protocol) calling functionality. The flaw within the WhatsApp program was found to occur during the initial call setup phase. The security breach evidently would even occur if the call wasn’t actually answered by the recipient. Facebook referred to the vulnerability as a buffer overflow issue with VOIP.
According to Veracode.com, a buffer overflow occurs when more data is put into a fixed-length data packet than the buffer can actually handle. The extra packet of information has to go somewhere so it overflows into additional memory space. This can cause additional memory space to become corrupted or to be overwritten. The IT security breach used the extra space provided by the buffer overflow to install the surveillance software.

How can someone protect themselves from becoming a victim of the WhatsApp breach?

WhatsApp has already pushed out a fix to the IT security breach but strongly encourages its users to install the latest update of the App. In general, you always want to stay up to date with the latest patches and updates. Tom’s guide has a full walkthrough of updating the WhatsApp program for IOS or Android.