View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Majority of WhatsApp Users Still Unpatched, a Week After Critical Vulnerability Discovered

52 percent of iOS, 48 percent of Android users yet to patch...

By CBR Staff Writer

Enterprise users beware: WhatsApp security remains at high risk a full week after Facebook discovered a critical vulnerability in the popular messaging application, with a majority of iOS users (52.4 percent) and large minority of Android users (48.1 percent) yet to patch their devices.

That’s according to San Francisco-based Wandera, an enterprise mobile security and data management company.

Wandera based its assessment on analysis of all the devices (both BYOD and corporate-issue) that connect to its enterprise customers’ networks (more than a million in total), the company told Computer Business Review.

Some 30 percent of those devices had WhatsApp installed, so these figures are based on that sample size. One enterprise alone still had 5,000 vulnerable devices, Wandera added in an emailed comment.

WhatsApp Security: Exploit was Crafted in Israel

The vulnerability, CVE-2019-3568, let malicious actors remotely install spyware on a still-unknown number of affected phones merely by making a call to the device. It was described by Facebook as a “buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.”

The issue of mobile app security is a growing one. Campbell Murray, Global Head of Cybersecurity Delivery at BlackBerry, said in an emailed comment: “Businesses should ensure employees are sharing sensitive data securely through the correct channels, and have controls in place to protect against malicious actors gaining access to that data via vulnerable applications.”

Read this: WhatsApp Opens up API, To Charge Business Users

He added: “As the digitisation of the workforce has gained pace, we’ve seen a rapid increase in the use of consumer applications in enterprise and public sector environments. Just last year, NHS England relaxed rules around the use of messaging apps, allowing doctors and clinicians to share personally identifiable information (PII) over WhatsApp and other consumer-grade tools.As citizens, we should expect that the security of our private healthcare and financial information is held to a higher standard.”

Content from our partners
Powering AI’s potential: turning promise into reality
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline

With workers across most sectors now used to the UX of consumer applications and devices, even UK security officials are understood to be working hard to modernise the devices and device security of their staff in order to accommodate more remote working and other such demands of a millennial workforce. Security conscious enterprises with employees sanctioned to use WhatsApp for work purposes meanwhile, should get patching…

See also: Why Mobile Apps are a Headache for Critical Public Services

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.