The WhatsApp Hack

Tal Zamir
May 16, 2019

Could it be used to compromise your corporate environment?

This week, a vulnerability in the messaging app WhatsApp was reported that allowed attackers to inject commercial spyware onto phones. WhatsApp, which is used by 1.5 billion people worldwide, discovered in early May that attackers were able to install surveillance software onto both iPhones and Android phones by ringing up targets using the app’s phone call function. The malicious code could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs.

While most people only consider WhatsApp in the context of their mobile phone, millions of people use WhatsApp on their corporate PCs, either via their web browser or via a dedicated desktop app. As such, and often without us realizing it, all the content of our WhatsApp is essentially downloaded to our Windows and Mac devices. This stream of third-party-generated content can become a malicious infection vector that reaches well beyond our mobile phones and into our corporate environment.

Corporate email servers and email service providers have developed robust content filtering systems to prevent our PCs from being infected, but the WhatsApp stream may have gone unnoticed. Secure Web Gateway systems may also have a hard time handling this because they rely heavily on domain and IP address information and, in this case, all the content comes from WhatsApp/Facebook servers that are often allowed (because we can’t live without Facebook anymore). Furthermore, browser isolation/sandboxing solutions just won’t cover the WhatsApp desktop application, leaving endpoints vulnerable to such attacks.

What makes this even scarier is the sheer volume of messages that people receive on WhatsApp these days and the large distribution groups that many are subscribed to. WhatsApp has become a parallel messaging platform to the mobile network (an alternative to SMS/TXT messages) and even provides APIs so that third parties can use it to drive massive volumes of messages. This message volume, and the fact that people share so much via WhatsApp, can make it a high-velocity infection channel, and its distributed content can make its way to PCs and corporate environments at a speed that is, perhaps, faster than email. This shrinks the window for mitigating a vulnerability before mass infection, which makes it a significant threat.

This is another reason to airgap your corporate PCs. Let your users WhatsApp but also keep their undesired content out of your corporate environment.

Tal Zamir

Tal is a 20-year software industry leader with a track record of solving urgent business challenges by reimagining how technology works. An entrepreneur at heart, he has pioneered multiple breakthrough cybersecurity and virtualization products. Before founding Hysolate, Tal incubated next-gen end-user computing products in the CTO office at VMware. Earlier, he was part of the leadership team at Wanova, a desktop virtualization startup acquired by VMware. Tal began his career in an elite IDF technology unit, leading mission-critical cybersecurity projects that won the prestigious Israeli Defense Award. He holds multiple US patents as well as an M.Sc. degree in Computer Science, and the honor of valedictorian, from the Technion.