WhatsApp has seen its fair share of security flaws — but it’s looking like the app might be more vulnerable than we once believed. According to a database seen by the Financial Times, WhatsApp disclosed a total of 12 security vulnerabilities in 2019. And seven of those were classified as “critical.”
In previous years, only one or two security vulnerabilities have been reported by WhatsApp. That’s a significant jump by any standards.
And they went unreported until now — A dozen vulnerabilities is much to be concerned about. But the larger issue at hand is that WhatsApp may have known about them for a while before reporting them. Experts have told the Financial Times that “many of those were likely sitting there all that time, and there’s a very high chance they were being [exploited]."
Related to the Bezos hack? — Reports of Jeff Bezos’ phone being hacked by the crown prince of Saudia Arabia have been plentiful, but the methods and reasons behind the hack are still very much up for debate. The prevalent theory is that Bezos’ phone was hacked after he exchanged messages via WhatsApp with the crown prince on May 1, 2018. It’s very possible that the critical vulnerabilities that have only now come to light played some part in the hacking of Bezos’ phone.
For its part, Saudi Arabia is still calling BS on the crown prince having any part in the hack.
Facebook claims no responsibility — Last week, Nick Clegg, Facebook’s Vice President of Global Affairs and Communications, told the BBC that he is “very, very confident” that the hack on Bezos’ phone couldn’t possibly the fault of WhatsApp. “We’re as sure as you can be that the technology of end-to-end encryption cannot be hacked into,” he said.
The disclosure of a dozen vulnerabilities renders that answer virtually useless. WhatsApp will surely continue to be an integral part of the ongoing investigation into Bezos’ phone being hacked.