WhatsApp—the mobile messaging app—recently surpassed 900 million active users. Only Facebook surpasses the app in this respect. WhatsApp’s success is even more remarkable given that the company has only 55 employees.
Since being taken over by Facebook late last year, WhatsApp has continued to grow in users. Much of this growth is in developing countries: India, for example, has over 70 million WhatsApp users.
WhatsApp’s meteoric rise has not, however, been completely issue-free. Just recently, Check Point—a security firm—discovered a number of vulnerabilities in WhatsApp’s desktop client, which is used by some 200 million people. The desktop version of the app is available for Android, BlackBerry, Windows Phone and, more recently, iPhone users.
The security firm revealed a number of places where the software could be hacked and exploited. Hackers have the opportunity to distribute malware, which could include—amongst others—ransomware (for which users are obliged to pay money to reclaim control of their) and remote access tools, which grant the hackers remote access to the victim’s computer.
What is perhaps most worrying is that these hackers require only the user’s mobile phone number attached to the WhatsApp account. The hacker must persuade the victim to download the malware by sending a vCard, from which the malware is downloaded straight onto the PC.
Fortunately, WhatsApp reacted quickly and began rolling out a fix on August 27th. Official advice from the company was that users should update their web software and clear their caches.
Check Point said of WhatsApp’s quick response:
“Thankfully, WhatsApp responded quickly and responsibly to deploy an initial mitigation against exploitation of this issue in all web clients, pending an update of the WhatsApp client… [we] wish more vendors would handle security issues in this professional manner. Software vendors and service providers should be secured and act in accordance with security best practices.”
Unfortunately, security breaches are not WhatsApp’s sole problem.
MI5 chief Andrew Parker, speaking on the Radio 4 Today programme, has called for the government to be given new powers which would see messaging apps being forced to hand over messages, or face a complete ban.
The problem which Parker seems to be alluding to is that of encryption. Many services like WhatsApp and Apple’s iMessage use encryption to protect users’ privacy.
As part of the first live interview of any incumbent MI5 chief, he went on to say messaging apps were:
“creating a situation where law enforcement agencies and security agencies can no longer obtain under proper legal warrant the contents of communications between people they have reason to believe are terrorists… they are using secure apps and internet communication to try to broadcast their message and incite and direct terrorism amongst people who live here who are prepared to listen to their message.”
David Cameron has issued a similar comment, saying back in January that he does not want WhatsApp to be a means of communication which the government is not able to read.
Encryption is a necessary evil: it stops hackers being able to read personal messages and it also allows sensitive information—such as banking details—to be sent without worry. The government wants a weaker type of encryption which only they can read, something which computer scientists say is impossible without making it easier for hackers to hack.
Being backed by Facebook, WhatsApp has the financial resources and the versatility to deal with the many problems it may face. Governments may be the only force powerful enough to stop the company in its tracks, but—such is the ubiquity of WhatsApp—even they will have trouble.