Human rights groups could have been the target the latest cyber breach according to WhatsApp. The messaging company said that it had found signs for the same as the malicious app originated from a government which was used for surveillance with the help of technology developed by a private company.
Help for an investigation has been sought from the U.S. Department of Justice, said WhatsApp, which is owned by Facebook. The company also encouraged all its users to download the latest update for the app which would plug the holes that allowed the breach
With about 1.5 billion monthly active users, WhatsApp is among the most popular messaging tools in the world. The company has been very proud of its end-to-end encryption and its high level of security and privacy which does not allow messages or calls on the platform to be viewed or heard by any outsider or a third party.
While saying that the breach was still being investigated by it, the company said that it believed only a “select number of users were targeted through this vulnerability by an advanced cyber actor.” However its advice for an update of software for all its users was “out of an abundance of caution” as well as a recommendation by Citizen Lab which is a research group at the University of Toronto. The number of users affected by the breach were not disclosed by the company.
The cyber attack that was very sophisticated, had all the signatures of a “private company working with governments on surveillance”, said a WhatsApp spokesman.
WhatsApp said it was “deeply concerned about the abuse” of such surveillance technologies and that it believed human rights activists may have been the targets. “We’re working with human rights groups on learning as much as we can about who may have been impacted from their community. That’s really where our highest concern is,” the spokesman said.
“We believe an attacker tried (and was blocked by WhatsApp) to exploit it as recently as yesterday to target a human rights lawyer,” tweeted Citizen Lab.
On Monday, a notification of a “serious security vulnerability” on its platform was issued by WhatsApp to its, said Ireland’s Data Protection Commission (DPC), WhatsApp’s lead regulator in the European Union. “The DPC understands that the vulnerability may have enabled a malicious actor to install unauthorized software and gain access to personal data on devices which have WhatsApp installed,” the regulator said in a statement.
It is unlikely that the majority of WhatsApp users would be affected t the breach, believes analysts.
Sine this breach appears to have a very specific target – made by a government, primarily human rights campaigners, therefore most WhatsApp users were not affected, believes Scott Storey, a senior lecturer in cyber security at Sheffield Hallam University.
“For the average end user, it’s not something to really worry about,” he said, adding that the breach was quickly found by WhatsApp and fixed accordingly. “This isn’t someone trying to steal private messages or personal details.”
(Adapted from Reuters.com)