The easy-to-use messaging service WhatsApp offers many convenient features for small businesses and their employees, but a recently-discovered vulnerability within the app could leave your business at risk.
For many small businesses, communication between employees is facilitated through a variety of means, including phone calls, e-mail messages and texting applications such as WhatsApp. Especially for companies that allow their employees to work remotely, messaging apps like WhatsApp enable colleagues to collaborate with one another quickly and seamlessly. Security is always a concern for businesses of all sizes, but many business owners have been mollified by the encryption features offered by WhatsApp. Unfortunately, a vulnerability has recently been discovered that exploits the drawbacks of WhatsApp’s end-to-end method of encryption. For businesses whose employees utilize this popular messaging service, WhatsApp’s weak spot could leave your staff and your business exposed to hackers.
Popular with individual users since its launch, WhatsApp has also appealed to small businesses who lack the resources to shell out for pricey communication app suites. Since the beginning of last year, WhatsApp has been completely free for all users, enabling businesses to utilize this robust messaging service without any drain on their budget. Moreover, WhatsApp recently announced testing of business chat tools that would allow companies to communicate with users directly through the service; this functionality has a lot of promise for small businesses about customer service and direct marketing. However, the recently-uncovered security vulnerability latent in WhatsApp throws a wrench into the range of business uses of the messaging service.
To understand why WhatsApp leaves its users vulnerable to hacking, first we need to look at the type of encryption that the service uses. While WhatsApp has prioritized encryption of its users’ messages to add a layer of security, the method that the messaging app uses–end-to-end encryption–has one serious drawback. With this approach, the content of encrypted messages cannot be verified by WhatsApp; a message will be delivered to any recipient that has the decryption key even if the substance of the message are harmful. Israeli security firm Check Point discovered that this weak spot provides hackers with a window to gain access to WhatsApp users’ account details such as their messages, contacts and various stored media including pictures and videos.
How do hackers utilize this security bug? As is so often the case on the Internet, hackers are relying on funny quotes and cute cat pictures to pique their victims’ interest. When the victim tries to open these innocent-seeming messages received from a hacker, a malicious code will be executed that grants that hacker the constant access needed to do serious damage. And again, since WhatsApp uses end-to-end encryption, the service has no way of screening messages to determine whether they are malicious or innocent.
What can businesses do in the face of this WhatsApp security risk? The main guidance that companies can provide for their employees is not to open messages from unknown senders. WhatsApp has also responded with updates to their security system that attempt to remove this vulnerability and block future hacking attempts utilizing this method. Still, this incident should serve as a reminder for small businesses to take a proactive approach to cybersecurity and to continuously review their defenses for any weak spots.
Concerned that your company might be exposed to serious cybersecurity risks from unexpected sources? Our team of security experts can help you evaluate any potential vulnerabilities in your cyber security protocols to help prevent your business from falling victim to cybercrime. Contact us today at or to learn more about our services.