WhatsApp Security - Is Your Information Private And Secure?

Is WhatsApp safe?

WhatsApp has emerged as the most popular messaging app today. But, reports of bugs, flaws, hacks and Trojans that have been discovered about WhatsApp recently for sure put a question mark on its security. It is essential to know whether your information and messages on WhatsApp are secure or not. Many issues questioning the WhatsApp security and privacy have been reported in the recent past. So is WhatsApp safe to use? Let's find out!

WhatsApp Security - Messages can be accessed remotely

This is a big threat to your privacy. One security expert Bas Bosschert has discovered that WhatsApp backs up messages on Android in an insecure way that can be stolen and read by others through downloaded Android apps. However, this is only possible if you are allowing WhatsApp to keep a backup of your messages on the SD card. In case you have your message backup option turned off during the initial setup, then your messages are safe. But if not then, your messages are in danger.

In order to prevent this attack, you must clean the app from your phone and then install WhatsApp all over again. This time don’t forget to turn off message backup when asked during the installation setup.

How Malware Can Be Spread Through Whatsapp Messages Like Videos, Text? 

WhatsApp is generally considered as one of the safest messaging apps ever built. However, in the recent past, hackers have seemed to break this myth entirely. It has been found that hackers can send viruses, malware and even Trojan horses through WhatsApp messages. Let's see how. 

Through Videos: 

Recently, cases have been discovered when hackers have attempted to breach data security by sending malware through video messages on WhatsApp. At first, they send you a link to malicious video content or even some video attachment. Chances are that once you click on the link or download the attachment, your data privacy gets compromised. 

Through Images: 

In the past, hackers tried to send malicious multimedia content though cellular services. But that whole process was difficult and risky. WhatsApp, on the other hand, made things easy for them as they could now transfer malicious image content to users without any hassle. The only thing users can do is to not download the content sent by unknown people, especially messages and images which seem to offer lucrative deals and offerings. 

Through Calls: 

It seems a bit weird that malware could be spread using WhatsApp calls. But it's really true indeed. A bug in the messaging app allowed threat actors to inject Israeli malware to phones across the globe through WhatsApp calls. 

The malware was developed by a secret Israeli company called NSO Group. The most interesting thing about this case is that the malicious code could be spread even if the users didn't answer their calls. Moreover, the calls soon disappeared from the user's log as well. 

WhatsApp Security - It allows strangers to see your profile picture even after your privacy settings

Another security bug that has been discovered - This bug allows strangers to see your profile picture irrespective of your privacy settings. This means even if you have opted for ‘Contacts only’ then also WhatsApp lets everyone see your profile photo.
This bug has been discovered by a 17 year old security researcher named Indrajeet Bhuyan. This problem occurred because the smart phone app could not be synced properly with the new web interface version.

The web app shows photos that have been deleted

The same researcher, Bhuyan also discovered that even when you delete your WhatsApp photos, the web saves them indefinitely. This is the reason why you see the blurred photos in your WhatsApp chats after you have deleted them. The web version of WhatsApp that was introduced last month still doesn’t follow the security measures that were taken for the mobile version.

Fake WhatsApp Web is spreading Banking Trojans

WhatsApp has introduced its web version last month which gives the users the ability to read and send messages directly from their web browsers. Malicious hackers have taken advantage of this latest WhatsApp Web and have spread a fake WhatsApp Web Banking Trojan. This Trojan hacks into the confidential information that users have on their private phones.

Hackers gain user's mobile numbers and run scam campaigns

Researchers have also found that Hackers brought out other promising but unofficial desktop versions of fake WhatsApp Web for the Arabic and Spanish speakers. They portrayed this fake WhatsApp Web as the legitimate version of the app and then extracted the users’ mobile phone numbers.

As the users’ submitted their mobile number for downloading the fake WhatsApp Web, the hackers get their number. They then run spam campaigns on their number or make the users unknowingly subscribe to premium rate services.

Stay cautious when using your favorite app and remain safe!

In our continuous efforts to keep businesses and consumers aware and proactive towards the evolving cybersecurity ecosystem, we have curated a list of our best cybersecurity resources that includes the top cybersecurity breaches of this year, industry reports, biggest cybersecurity mergers and acquisitions, billion dollar investment deals, top cybersecurity blogs and influencers to follow and the latest trends and happenings in the cybersecurity world.

Published on Apr 21, 2015
Written by Prateek Panda


Chat With Us

Using Other Product?

Switch to Appknox

2 Weeks Free Trial!

Get Started Now