- WhatsApp disclosed 12 security vulnerabilities last year, according to the US National Vulnerabilities Database, including seven that were classed as “critical.”
-
According to the database, seen by the Financial Times, the number of reported vulnerabilities was significantly higher than in previous years, when only one or two security reports were made.
- Reports of flaws within the Facebook-owned messaging app have sparked questions about the security of the app amid reports that Amazon CEO Jeff Bezos’ phone was hacked by the Saudi Crown Prince.
- Visit Business Insider’s homepage for more stories.
WhatsApp disclosed 12 security vulnerabilities last year, according to the US National Vulnerabilities Database, sparking questions about the security of the app amid reports that Amazon CEO Jeff Bezos’ phone was hacked by Saudi Crown Prince Mohammed bin Salman.
The Guardian first reported last week that bin Salman had covertly stolen data from the Amazon CEO’s phone after sending an unsolicited video that contained a malicious file in 2018.
The hack on Bezos’ phone is believed to have happen after the two men exchanged friendly messages on WhatsApp on May 1, 2018, weeks after they had met at a dinner in Los Angeles while the prince was in the US on official business.
Bezos' team began investigating his phone in January 2019 after The National Enquirer published a story about him having an affair. After the accusation Bezos accused the tabloid's parent company, American Media Inc., of blackmailing him by threatening to publish his nude images.
The Saudi government has called the report "absurd" and called for an investigation into the claims.
But according to the Financial Times, several security flaws were found in the popular messaging service last year, touting the possibility that these vulnerabilities were left unnoticed for some time, which may have facilitated the high-profile hack of Bezos' phone.
Data from the US National Vulnerabilities Database, seen by the FT, WhatsApp disclosed 12 vulnerabilities last year, including seven that were classified as "critical."
It added that the number of reported vulnerabilities was significantly higher than the in previous years, when only one or two security reports were made.
Facebook, which acquired WhatsApp in 2014, has since tried to pin Bezos' hack on Apple's operating system.
Facebook's Vice President of Global Affairs and Communications Nick Clegg told the BBC last week that a hack on Bezos' phone wasn't the WhatsApp's fault because the messaging app features end-to-end encryption of its conversations.
Still, experts told the FT that news of the vulnerabilities likely pointed to them existing for some time/.
"The fact that they found . . . serious vulnerabilities in 2019 but didn't find them before doesn't mean they just appeared," Marc Rogers, vice-president of cyber security at Okta told the FT.
"Many of those were likely sitting in there all that time, and there's a very high chance they were being [exploited]."
Rogers added that the high number of vulnerabilities were likely discovered because "someone is suddenly paying attention because they are scared."
