- Wandera could see whether the users of 300,000 devices have updated WhatsApp to patch the security vulnerability. Many had not.
- Just one of Wandera's business customers had 5,000 vulnerable devices on its book.
- Here's how to make sure your phone is protected .
- Visit BusinessInsider.com for more stories .
WhatsApp has said very little about a major hack this month and it shows.
An alarming number of people are failing to update the Facebook-owned app, leaving the door open for bad actors to get their hands on personal information, including messages and data location.
That's according to research by Wandera, a smartphone security company that counts the likes of Rolex, Deloitte, General Electric, and Bloomberg among its customers.
Wandera helps secure the smartphones of employees at these companies, and it has more than 1 million devices under its management, 30% of which have WhatsApp installed.
That means it can see whether the users of 300,000 devices have taken Facebook's advice and updated WhatsApp to patch the security vulnerability, which was first spotted by the Financial Times.
As of Thursday this week, Wandera found that 80.2% of iOS devices within this pool of 300,000 were not updated, while 55.4% of Android devices were also vulnerable.
Just one of Wandera's customers, who it declined to name, had 5,000 vulnerable devices on its books, the company said. That's a lot of people effectively inviting in hackers to steal their personal and professional data.
The hackers, who have not been identified, gain access by exploiting a vulnerability in WhatsApp's call functionality to install surveillance technology developed by Israel's NSO Group. Even if the target doesn't take the call, the malware is able to infect the phone.
WhatsApp has not notified users directly about the issue, nor is security mentioned as part of the app update process on the Apple App Store and Google Play Store . Instead, WhatsApp has issued a statement through the press urging people to update.
"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," Facebook said.
In an interview with CNBC on Thursday , Facebook COO Sheryl Sandberg said the firm's investment in safety and security enabled its engineers to find the WhatsApp hack. "Because we're putting more engineers on looking for bugs, looking for vulnerabilities, we found this, we shut it down," she said.
- Meet the shadowy security firm from Israel whose technology is believed to be at the heart of the massive WhatsApp hack
- There's no way to know for sure whether your smartphone was infected by the WhatsApp attack. But here are some signs you should look out for.
- Facebook's sluggish response to the WhatsApp hack shows it's still not learning from catastrophic errors in the past