BLOGDOG

Your personal cyber security and anti-hacking news

WhatsApp Hacked! How To Protect Yourself

by: Omri Toppol Sep 09,2015

A giant WhatsApp hack that could easily infect your computer with malware is making headlines right now, but the first thing you should do about it is RELAX!

Yesterday, the cybersecurity firm Check Point published an article about a massive vulnerability in the WhatsApp Web service that could have potentially affected each and every one of the service’s hundreds of millions of users. (Scary! But keep reading.)

In late August, Check Point researcher Kasif Dekel discovered the “MaliciousCard” vulnerability through which attackers could easily infect victims’ computers with any malicious code they wanted—Trojan Horses, ransomware, spyware. You name it, they could get it onto your machine.

How? WhatsApp Web is the web-based version of the massively popular messaging app WhatsApp.

It allows users to chat with each other via a website instead of only through their phones. The service automatically syncs with your phone so you can see all messages on both your phone and computer.

Typically, when we share contacts with one another using our smartphones, we do so through vCards.

Check Point’s Dekel managed to masquerade malicious code as a vCard and send it via WhatsApp. The web application assumed that the file being sent through it is safe, so it allowed recipients to activate it. Receive a contact. Click it. Download it. BAM! That’s all it took for attackers to infect victims’ computers.

Once they ran the executable files, the malicious software in the vCard would get installed and the machine would become infected.

To make matters worse, according to Check Point, “to target an individual, all an attacker needs is the phone number associated with the account.”

But wait, there’s good news!

Unlike some companies that take forever to roll out a fix for these types of vulnerabilities, WhatsApp was impressively quick to act. They rolled out a fix a mere six days after Check Point informed them of the issue. Bravo, WhatsApp!

You can go back to breathing normally now.

But wait, should I still worry?

The “MaliciousCard” vulnerability needs you to specifically open a shared vCard on your computer. So if you haven’t done that, you’ve got no reason to worry. (Commence jump for joy!)

If you did receive a vCard through WhatsApp Web and it contained the info of the contact you expected or asked for, you can also take a moment to breathe a deep sigh of relief.

BUT, if you’re one of the (hopefully few) people who received and activated a vCard that appeared to contain no contact details, it would make sense for your palms to be getting a little sweaty right now.

If they are, the thing to do is to get an antivirus for your computer and run a scan ASAP to rid your device of any malware that may be on it. Don’t worry, you can get an antivirus for free.

What can I do to protect myself?

I’m glad you asked, because that’s the key question to ask any time we learn about these types of major vulnerabilities—especially ones affecting services everyone and their grandmother uses.

But no one wants their WhatsApp account hacked. So what should you do?

In this case, keeping yourself protected is pretty simple. Just make sure you’re using the latest version of the app, and clear the cache on your computer’s browser (here’s how).

Also, once you re-open WhatsApp Web, log in using the mobile app. By clearing the cache, you force the browser to re-download the most recent version of WhatsApp Web.

So WhatsApp can be hacked. What can we learn from this?

So far, WhatsApp and WhatsApp Web have been considered pretty “safe.” But what this event teaches us is that even “safe” environments can contain vulnerabilities that talented hackers can exploit. “MaliciousCode” proves that WhatsApp can be hacked!

With this in mind, it’s always best to follow good, basic security behavior (like not opening a vCard from a number you don’t recognize).Whatever device you’re using, you should never trust or open attachments from unknown sources.

Sadly, today’s Internet is a dangerous place and everyday users need to know how to be smart about what they’re doing online.

Always be on the lookout for suspicious activity—whether it’s a call from an unknown number, an attachment from an unsolicited email, or a seemingly innocent vCard.

Written by Omri Toppol

Omri is LogDog's marketing guy. He is passionate about technology, digital marketing and helping online users to stay safe and secure

Manish

Omri sir how can blocked hackers.. can u said any suggestion plz help..reply me fast
- https://getlogdog.com Omri Toppol
  
  Hi Manish,
  The best way is to educate yourself and take all the the steps needed to protect yourself (you can find a lot of info how to do it here, on the blog).
  I would also download LogDog, as it is really an amazing tool to protect your personal accounts.
Atul Gadkari

I know my whatsap account has been hacked. I use whatsap only on my mobile. How can i find out who has hacked my account. This is of immence significance to me as it can save my marriage.
- https://getlogdog.com Omri Toppol
  
  Hi Atul,
  
  Sorry we can’t help you as at the moment we don’t have whatsapp protection.
Kristin Hickman

I have a concern about my mobile phone and it being hacked by my boyfriend. He’s insecure and obsessing over me and my phone. For NO good reason at all. In fact I just got a cell phone 2 days ago after being without one for the last 6 months. I went without to prove myself t9 him and yet here I am asking this question because he’s just crazy I have come to that conclusion. Anyways he has the software called cydia installed on his iOS and I know just a little bit about it, enough to know that everything on his phone is a secret and I am not allowed to touch his phone , ever! Even when I had not a way of communication with even my family. I know I’m the crazy one right for staying n this… So how do I know what kind of shit he has installed into my mobile device? Please respond back asap. Anybody! Thanks kris420