An urgent app update has been released by WhatsApp today and users are being urged to install it immediately. The update patches a serious security flaw that allows hackers to install ‘surveillance software’ on your mobile phone.
Incredibly advanced malware
According to the WhatsApp security team, testing shows that the malware is actually an extremely security toolkit of the type used by government intelligence agencies. Using a zero-day exploit, hackers have been able to install monitoring software without the phone owner realising there was a problem.
WhatsApp have not released many details about the malware, but it appears that a security flaw meant that the install could be completed without any action by the phone’s owner. All they had to do was ring the target phone using WhatsApp’s calling feature – the victim didn’t even have to answer the call. The malware would also delete any missed call messages, so the victim had no idea they had been compromised.
No apps are totally secure
WhatsApp is designed to be secure. The app uses end-to-end encryption to protect messages for instance; if a hacker tries to intercept a message in transit, they won’t be able to read the text. Only the sender and recipient can decrypt and read the messages.
But by gaining access to a victim’s phone, the hackers are able to read both the address book and any messages sent and received. The compromised smartphone is performing all of the necessary decryption.
Act now
WhatsApp have been clear that only a small number of people have been hacked using this new malware – most probably by a nation state spying on political enemies. However, the same ‘hole’ that allows malware installation is present on every phone running WhatsApp – so you may become a victim at a later date.
To avoid breach, you must install the WhatsApp update as soon as possible. This will immediately close the loophole that is being exploited by hackers.
If you have not already done so, you should also install an antivirus tool on your smartphone. Panda’s Antivirus for Android will scan your phone for known privacy issues for instance, allowing you to patch security issues, and to uninstall suspicious or risky apps. And the premium service offers a secure VPN connection to block unknown connections, reducing the risk of a malware infection – and filtering out unwanted ads too.
WhatsApp has earned its reputation for security, and the way in which they have approached this breach has been responsible and responsive. There have been concerns about how the service will change since Facebook took over, but the introduction of malware is entirely different to internal data harvesting operations. But as WhatsApp hits the headlines again, it may be time to re-evaluate which secure messaging app you use in future.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
Panda Free Antivitus
FREE TECHNICAL SUPPORT
21 comments
Your recommendation to update WhatsApp is several days late. Is this indicitave of the reliability of your product?
Hello Dave,
If you take a look at the publishing date the post was published on the 14/05/2019 the same date the news were published in media like BBC (https://www.bbc.com/news/technology-48262681) or The Guardian (https://www.theguardian.com/technology/2019/may/14/whatsapp-hack-have-i-been-affected-and-what-should-i-do ) Our products also discover new malware every day and updated daily as they work from the cloud.
Many thanks for your message. Have a lovely day! 🙂
Best regards,
Panda Security.
14MAY2019. I am not using my smartphone (LG Android).
My 1 year VPN are there (at Panda) activated, but it has
to be replaced (and the monthly VPN removed).
Is there anything I can do about it from my computer?
Where do I find the update? There isn’t an update in my Google Play Store.
TYIA ~ amt
Hello Ann-Marie,
Open the Google Play Store on your mobile device
Tap the menu
Open the “My Apps & Games” tab
Look for the “Updates Pending” section. If your WhatsApp requires an update, it will be listed there. Tap “Update” and allow your device to install the latest version.
If your app has already been updated, there will be no update button, just one that reads “Open.” No further action is required.
If you have difficulty finding WhatsApp, search for it in the Play Store
Ensure you are running the latest version: 2.19.134
We hope this helps!
Best regards,
Panda Security.
enkel als het gratis is.
Het is 100% gratis Willy.
Bedankt!
Mag ik dit in het weekend regelen? Krijg ik een herinnering hierover.
Dank u wel
Hallo,
Hoe eerder hoe beter, hoe eerder hoe beter, zodat je er zeker van bent dat je beschermd bent.
Bedankt!
OK, but where is the “Update” command ?
Hi Pavel,
If you want to be more sure, do the following:
If you’re an iPhone user:
Open the App Store on your mobile device
Hit the tab “Updates” along the bottom right
If your WhatsApp has not been updated, a button will appear reading “Update.” Tap and allow your device to install the latest version.
If your app has been updated, there will be no update button, just one that reads “Open.” No further action is required.
If you have difficulty finding WhatsApp, search for it using the search tab on the bottom right
Ensure you are running the latest version: 2.19.51
If you’re Team Android:
Open the Google Play Store on your mobile device
Tap the menu
Open the “My Apps & Games” tab
Look for the “Updates Pending” section. If your WhatsApp requires an update, it will be listed there. Tap “Update” and allow your device to install the latest version.
If your app has already been updated, there will be no update button, just one that reads “Open.” No further action is required.
If you have difficulty finding WhatsApp, search for it in the Play Store
Ensure you are running the latest version: 2.19.134
Thanks!
You don’t accept my code.
Hello Donald,
How can we help?
We need protection
Hello Lambert,
Please follow our instructions and install an antivirus on your phone: https://www.pandasecurity.com/security-promotion/?campaign=dome1903
We hope this helps!
Thanks!
How do I update my whatsup no information
Hi Eyvor,
Please, follow these steps:
Open Play Store
Go to the Menu
Tap “My apps & games”
Find WhatsApp Messenger within your “Installed” apps
Tap the app
Hit “Read more” and scroll to the bottom
Under “App info,” if it says you have version 2.19.134, good news! Your phone is protected.
If you have an earlier version, for example 2.19.133, you need to update.
Thanks!
je n’ai pas de téléphone mobile. Suis-je concerné par cette menace?
No comment for now
how about for WhatsApp desktop? the antivirus blocked it
Yes, if you have updated the app on your mobile you whatsapp web will not have any problems.
-Panda Security