
Majority of WhatsApp Users Still Unpatched, a Week After Critical Vulnerability Discovered

52 percent of iOS, 48 percent of Android users yet to patch...

By CBR Staff Writer

Enterprise users beware: WhatsApp security remains at high risk a full week after Facebook discovered a critical vulnerability in the popular messaging application, with a majority of iOS users (52.4 percent) and a large minority of Android users (48.1 percent) yet to patch their devices.

That’s according to San Francisco-based Wandera, an enterprise mobile security and data management company.

Wandera based its assessment on analysis of all the devices (both BYOD and corporate-issue) that connect to its enterprise customers’ networks (more than a million in total), the company told Computer Business Review.

Some 30 percent of those devices had WhatsApp installed, so these figures are based on that sample size. One enterprise alone still had 5,000 vulnerable devices, Wandera added in an emailed comment.

WhatsApp Security: Exploit was Crafted in Israel

The vulnerability, CVE-2019-3568, let malicious actors remotely install spyware on a still-unknown number of affected phones merely by making a call to the device. It was described by Facebook as a “buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.”

The issue of mobile app security is a growing one. Campbell Murray, Global Head of Cybersecurity Delivery at BlackBerry, said in an emailed comment: “Businesses should ensure employees are sharing sensitive data securely through the correct channels, and have controls in place to protect against malicious actors gaining access to that data via vulnerable applications.”

He added: “As the digitisation of the workforce has gained pace, we’ve seen a rapid increase in the use of consumer applications in enterprise and public sector environments. Just last year, NHS England relaxed rules around the use of messaging apps, allowing doctors and clinicians to share personally identifiable information (PII) over WhatsApp and other consumer-grade tools. As citizens, we should expect that the security of our private healthcare and financial information is held to a higher standard.”

With workers across most sectors now used to the UX of consumer applications and devices, even UK security officials are understood to be working hard to modernise the devices and device security of their staff in order to accommodate more remote working and other such demands of a millennial workforce. Security-conscious enterprises with employees sanctioned to use WhatsApp for work purposes, meanwhile, should get patching…
