Enterprise users beware: WhatsApp security remains at high risk a full week after Facebook discovered a critical vulnerability in the popular messaging application, with a majority of iOS users (52.4 percent) and large minority of Android users (48.1 percent) yet to patch their devices.
That’s according to San Francisco-based Wandera, an enterprise mobile security and data management company.
Wandera based its assessment on analysis of all the devices (both BYOD and corporate-issue) that connect to its enterprise customers’ networks (more than a million in total), the company told Computer Business Review.
Some 30 percent of those devices had WhatsApp installed, so these figures are based on that sample size. One enterprise alone still had 5,000 vulnerable devices, Wandera added in an emailed comment.
The vulnerability, CVE-2019-3568, let malicious actors remotely install spyware on a still-unknown number of affected phones merely by making a call to the device. It was described by Facebook as a “buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.”
The issue of mobile app security is a growing one. Campbell Murray, Global Head of Cybersecurity Delivery at BlackBerry, said in an emailed comment: “Businesses should ensure employees are sharing sensitive data securely through the correct channels, and have controls in place to protect against malicious actors gaining access to that data via vulnerable applications.”
He added: “As the digitisation of the workforce has gained pace, we’ve seen a rapid increase in the use of consumer applications in enterprise and public sector environments. Just last year, NHS England relaxed rules around the use of messaging apps, allowing doctors and clinicians to share personally identifiable information (PII) over WhatsApp and other consumer-grade tools.As citizens, we should expect that the security of our private healthcare and financial information is held to a higher standard.”
With workers across most sectors now used to the UX of consumer applications and devices, even UK security officials are understood to be working hard to modernise the devices and device security of their staff in order to accommodate more remote working and other such demands of a millennial workforce. Security conscious enterprises with employees sanctioned to use WhatsApp for work purposes meanwhile, should get patching…