WhatsApp hack: Major security bug shows there is a risk to everyone using chat apps

WhatsApp has been hit by a major hack that allowed anyone exploiting it to break into phones and read people’s messages just by making a phone call.

The security flaw has brought attention to the kinds of risks inherent in messaging apps, and the way those hazards are ever-present, even in the most secure of platforms.

WhatsApp has long stressed its commitment to privacy: its founders were clear from their outset that their aim was to keep messages from being read by anyone except those for whom they were intended. In practice, that has translated (among other smart solutions) into the development of encryption technology that allows messages to be scrambled up as they are sent between phones, stopping them from being intercepted.

The latest hack has underscored the limitations of that technology, however. By directly exploiting a hole in the app’s code, it was possible to read people’s conversations; it does not matter how successfully a message is encrypted on its journey from person A to person B if the app itself is compromised.

The hack is thought to have hit a very small number of potentially significant people, with the number affected said to be in the dozens. That is a tiny proportion of the 1.5 billion people who use the app around the world – but if even one of those people has their communications intercepted or spied on, one of the central elements of the app’s purpose and success has been challenged.

The lives and phones of those affected might seem distant from the vast majority of people who use WhatsApp. The technology is thought to have been used by governments to spy on activists, lawyers and others who have complicated relationships with the state; at a glance, those seem like specific uses and a long way from the family chat or conversations about holiday planning.

But the security of any particular app is the same for everyone who uses it, no matter how much they need to rely on that security. Hacks by foreign governments put all our conversations at risk, even if they would be of little interest to intelligence agents – not least because if a government has the secret to gaining access, criminals may not be far behind.

Privacy is always a matter of degree: while many apps aim to provide entirely secure communications, it takes only one small accidental failure to compromise the entire system that keeps those messages from being read.

That is why it is always best to be vigilant about the messaging apps you are using (and the communications you send over them), and to be aware that there are a range of apps beyond just WhatsApp – such as Signal – that are particularly valued for the ways they keep messages safe.

WhatsApp’s security issues are far from the only concern around the app: campaigners have been asking questions about how seriously it takes its user privacy ever since it was acquired by Facebook in 2014.

Those questions are likely to be asked more loudly with each passing privacy scandal and security issue.

But the lesson to take from all this is that no app is perfectly secure – that it is best to treat any app as if it could be compromised, while staying vigilant to try to ensure it isn’t.