Popular messaging service WhatsApp has played host to a rather nasty software vulnerability which could lead to users becoming the victims of ransomware, remote access tools (RATs) and other malicious nasties.
The vulnerability specifically affects users of the web client, WhatsApp Web, which boasts a potential user base of 200 million.
WhatsApp have responded extremely quickly, which we applaud, and the vulnerability is fixed but we’d also like to remind users of all online services to remain ever vigilant.
Phone Numbers and vCards
The cybercrims responsible for taking advantage of the vulnerability did so through fairly simple means.
All they needed was the phone number of the user they wished to target: alongside email addresses, probably the most common piece of information that you’d ideally put into an online form or involved in a previous breach. As Mark James, ESET IT security specialist, explains.
“In this instance it allowed the possibility of a vCard (Virtual Business card) to be sent to a user by only knowing their telephone number; bear in mind that almost all of the security breaches we hear about contain phone numbers in the breach.
“Unlike credit cards or passwords they are not often encrypted or hashed, now bear in mind WhatsApp is a cross platform mobile messaging app the chances of you opening a vCard sent to you is quite high. Once opened it will attempt to download and infect your system with ransomware.”
You must always be wary on the Internet. Even when receiving messages from and friend or family member. Is there anything in particular you should do?
“Apart from being very mindful of the content you receive not really no, the very nature of WhatsApp is a two way messaging service that sends and receives data but you still need to have your wits about you and remember not everything on the internet is trustworthy and honest.
“Make sure your web browser, operating system, applications and Anti-Virus products are fully updated and patched. Don’t wait to apply updates later, always do them now and to be safe reboot your machine afterwards, if you’re not familiar with updating browser cache, to ensure patches are applied.”
Ransomware!
Amongst the malware that victims could potentially be infected with was ransomware, the infamous zeitgeist of recent malware.
“Ransomware is one of the most destructive forms of malware around currently, it renders local and remote files unusable until the ransom is paid.
“If this is in a business environment then no one will be able to access those files and in a worst case scenario could cause the whole software infrastructure to fail.
“Of course if backups are in place it’s just a matter of time before you’re back up and running but if not then remember paying the ransom is only funding criminal activity and should be avoided if possible.”
As mentioned at the beginning of the article WhatsApp were very quick to respond. As we’ve said many times no one is 100% immune to being hacked, or breached, or infected. It’s how you deal with it that’s important.
“In this case WhatsApp acted very fast indeed, a patch was made available that fixed the problem and was rolled out quickly, this enabled their users to be safe again from this vulnerability providing they applied the patch, it’s good to see companies acting this fast in response to these vulnerabilities being found.”
Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.
Do you use WhatsApp? Were you infected or did you spot a dodgy vCard?