• Written by Robert Merkel, Lecturer in Software Engineering, Monash University
WhatsApp says more than 1 billion use the app. Shutterstock/XanderS

It’s been a day of high-profile security incidents.

First there was news the popular WhatsApp messenger app was hacked. Updated versions of WhatsApp have been released, which you should install if you’re one of the more than one billion people who use the app.

There was also news of several security flaws in the majority of Intel processors, found in many of the world’s desktop, laptop and server computers.

Software patches to prevent exploitation of these hardware flaws have been released by several vendors, including Microsoft. You should install security updates from vendors promptly, including these.

WhatsApp hack revealed

The WhatsApp news was revealed first by the Financial Times, which says the bug was used in an attempt to access content on the phone of a UK-based human rights lawyer.


Read more: Becoming more like WhatsApp won't solve Facebook’s woes – here's why


The lawyer reported unusual activity on his phone to the Citizen Lab, an academic research centre that focuses on digital espionage. The centre then contacted WhatsApp, which had independently noted signs of some kind of hack and put in place preliminary preventative measures in its network infrastructure.

When asked by the Financial Times how many users were attacked using this vulnerability, a WhatsApp spokesperson said “a number in the dozens would not be inaccurate”.

Facebook, the corporate parent of WhatsApp, has issued a technical notice about the vulnerability, saying versions of WhatsApp for iOS, Android, Windows Phone (and the lesser-known Tizen platform used in Samsung smart watches) were affected.

Evading end-to-end encryption

Messages and calls on WhatsApp are end-to-end encrypted, which means they are practically invulnerable to being read while in transit.

The only way an attacker can gain access to the contents of WhatsApp messages and calls is at either end, on the sending or receiving device.

Unfortunately, in this case, by modifying the sequence of data sent to a phone to initiate a call, an attacker could take over the WhatsApp application running on the device.

This would cause it to do whatever the attacker wishes, which could include sending the unscrambled WhatsApp messages directly to the attacker.

While on its own the vulnerability does not appear to give the attackers full access to everything on a target phone, it could well be used in combination with other vulnerabilities to gain full access and control.

Suspicions fall on NSO Group

Unlike the Intel processor flaws, which were discovered by academic and commercial researchers and are not known to have been used for hacking to date, the WhatsApp security bug was discovered because of hacking activity.

The Financial Times attributes the hacking attempts using the bug to software developed by the NSO Group.

Facebook, while not naming NSO, told the Financial Times:

[…] the attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.

NSO Group is an Israel-based company that sells intelligence-gathering software – essentially, mobile phone spyware – to governments around the world.

Software sold by NSO Group has previously been implicated in attempts to spy on an Emirati human rights activist, Mexican journalists, and other civil society targets.

The UK human rights lawyer targeted using the WhatsApp bug was representing the Mexican journalists previously allegedly targeted using NSO Group software.

We’re not likely targets

While this particular bug is no longer a problem if you’ve updated WhatsApp, in general there is relatively little an average citizen targeted by this kind of spyware can do about it.

Make sure you WhatsApp app is up-to-date. WhatsApp Android app/Screenshot

This genre of bug-exploiting spyware is highly unlikely to be used by anyone other than governments, and then only to target a relatively small number of people. But the lawyer in this latest case says he does not know who is behind his WhatsApp hack.

Sooner or later, the use of spyware is inevitably detected, and the bug used to install it is found and fixed. The more phones are attacked, the quicker this will occur.

In the Australian context, software bugs are not the only means available to law enforcement to access encrypted messaging.


Read more: Why we need to fix encryption laws the tech sector says threaten Australian jobs


The controversial Access and Assistance legislation, approved late last year, contains provisions that can require software and hardware developers to provide assistance to law enforcement and intelligence agencies to access communications, including those secured with end-to-end encryption.

The use of this kind of spyware – sold to countries with dubious human rights credentials, and used to target activists, journalists and lawyers – is disturbing.

I have previously argued that the international trade in such powerful tools should be curtailed. But fortunately, as insidious as they are, their reach is limited and likely to remain so.

Robert Merkel does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

Authors: Robert Merkel, Lecturer in Software Engineering, Monash University

Read more http://theconversation.com/whatsapp-hacked-and-bugs-in-intel-chips-what-you-need-to-know-to-protect-yourself-117173

Winter Pool Upkeep - Is It Necessary?

In winter, harsher elements such as rain and wind can have a real impact on your backyard pool. Many pool owners will choose to switch off their pool equipment and cover up during the winter mon...

News Company - avatar News Company

Why children and teens with symptoms should get a COVID-19 test, even if you think it's 'just a cough'

A Victorian teenager holidaying on the NSW South Coast has been diagnosed with COVID-19, NSW chief health officer Kerry Chant said on Wednesday. The revelation follows reports senior students at Al-Ta...

Christopher Blyth, Paediatrician, Infectious Diseases Physician and Clinical Microbiologist, University of Western Australia - avatar Christopher Blyth, Paediatrician, Infectious Diseases Physician and Clinical Microbiologist, University of Western Australia

Is watching porn bad for your health? We asked 5 experts

www.shutterstock.comLet’s be honest: during coronavirus lockdown it was hard to resist the allure of internet intimacy. Rates of watching porn skyrocketed in Australia during isolation.But have ...

Liam Petterson, Assistant Editor, Health + Medicine, The Conversation Australia - avatar Liam Petterson, Assistant Editor, Health + Medicine, The Conversation Australia

9 Reasons Sydney Is the Best City in Australia

Sydney is home to nearly 6 million people, making it by far the most populated city in Australia. According to census data, Sydney is growing fast, with average growth rates ranging between 3.96...

Samantha Ball - avatar Samantha Ball

How To Take Your Pressure Cooking To The Next Level

If you are like most busy homeowners, wives, husbands, or parents, you've no doubt tried a pressure cooker by now. These are without a doubt one of the most unique, handy, and convenient devices...

News Company - avatar News Company

Melbourne's lockdown came too late. It's time to consider moving infected people outside the home

From midnight Wednesday, all of Metropolitan Melbourne and Mitchell Shire will return to Stage 3 lockdown for six weeks. There are only four reasons for residents to leave their homes: shopping for es...

Mary-Louise McLaws, Professor of Epidemiology Healthcare Infection and Infectious Diseases Control, UNSW - avatar Mary-Louise McLaws, Professor of Epidemiology Healthcare Infection and Infectious Diseases Control, UNSW

Victorians, and anyone else at risk, should now be wearing face masks. Here's how to make one

After early success in suppressing COVID-19, we are facing a resurgence in Victoria, which is threatening disease control for the whole country. Outbreaks in northwestern Melbourne, including in publi...

C Raina MacIntyre, Professor of Global Biosecurity, NHMRC Principal Research Fellow, Head, Biosecurity Program, Kirby Institute, UNSW - avatar C Raina MacIntyre, Professor of Global Biosecurity, NHMRC Principal Research Fellow, Head, Biosecurity Program, Kirby Institute, UNSW

Is the airborne route a major source of coronavirus transmission?

ShutterstockAs the world continues to grapple with the coronavirus pandemic, one question that keeps coming up is whether COVID-19 can be transmitted through the air. In fact, 239 scientists in 32 cou...

Hassan Vally, Associate Professor, La Trobe University - avatar Hassan Vally, Associate Professor, La Trobe University

this is just how vigilant we have to be until a COVID-19 vaccine is found

Metropolitan Melbourne and the shire of Mitchell will returned to Stage 3 stay-at-home restrictions as of midnight Wednesday, Premier Daniel Andrews has announced, after 191 new cases were recorded in...

Philip Russo, Associate Professor, Director Cabrini Monash University Department of Nursing Research, Monash University - avatar Philip Russo, Associate Professor, Director Cabrini Monash University Department of Nursing Research, Monash University



News Company Media Core

Content & Technology Connecting Global Audiences

More Information - Less Opinion