The fallout from the U.S. crackdown on Huawei intensified this week, as trade negotiations between Washington and Beijing reportedly hit a roadblock.Asia Marketsread more
The issue of corporate debt has surfaced as companies continue to use the low rates the Fed has provided to lever up their balance sheets.The Fedread more
The U.S. government on Monday temporarily eased some trade restrictions imposed recently on China's Huawei, a move that sought to minimize disruption for the telecom company's...Technologyread more
Most U.S. hedge funds aren't expecting another big stock market sell-off as more firms curb bets on volatility, according to Nomura.Marketsread more
Mall owners are increasingly building out food halls with local chef-driven eateries, sushi bars and premium coffee shops.Retailread more
While Trump's lawyers had argued that the committee's subpoena did not have a legitimate legislative purpose — and was therefore invalid — Mehta took a broader view.Politicsread more
See which stocks are posting big moves after the bell on Monday, May 20.Market Insiderread more
Silicon Valley argues that Wall Street focuses too much on near-term profits — but investors have embraced money-losing biotech IPOs.Marketsread more
U.S. President Donald Trump told his supporters in Pennsylvania that his high-stakes trade war with China had strengthened the state's steel industry and jobs.Politicsread more
Iran has quadrupled its output of nuclear material amid rising tension with the U.S. and dangerous escalations in the Middle East.Energyread more
The announcement comes amid a wave of store closures across the country this year.Retailread more
What users may not have expected, however, was that their conversations could potentially be tapped by a third party — another company with the means to create powerful malware that could intercept protected conversations, as reported by the Financial Times on Monday. The report outlines allegations that an Israel-based company was able to successfully install malware that could have been used for surveillance on phone calls made over the app.
WhatsApp confirmed the vulnerability of its app, but did not name the perpetrator.
"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," a spokesperson told CNBC in a statement Monday. "We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users."
The Financial Times named Israel-based cyersecurity company, NSO Group, for the incident. WhatsApp has already indicated the attack looks as though it was conducted by a private company that works with governments to deliver spyware, and a "select number" of users were targeted.
NSO Group is best known for its reported, though not confirmed, role in assisting the FBI in opening the phone of the San Bernardino mass shooter after Apple fought an FBI request to do so.
"NSO's technology is licensed to authorized government agencies for the sole purpose of fighting crime and terror. The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions," NSO Group said in a statement. The company emphasized that it does not use the hacking tools itself, and the tools are "solely operated by intelligence and law enforcement agencies."
"We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system," the company said, though it did not clarify whether the WhatsApp issue represented a "misuse" of its tools, but a person familiar with the company said only licensed government intelligence and law enforcement agencies use its tools for "specific terror or criminal threats or investigations."
The claims could raise serious problems for WhatsApp's reputation, which has been built on the privacy and security of the end-to-end encryption in its very popular texting and voice calling application.
End-to-end encryption means data sent via WhatsApp is scrambled in transit, and only understandable by the party sending it and the party receiving it — whether the data is in the form of texts, pictures or voice conversations. It's a major selling point for the application.
WhatsApp's security in transit has made it a popular choice for people wishing to communicate "out of band" — off regular, unencrypted or corporate communications channels — about all manner of personal information, including everything from legal and business matters to personal or political problems.
An unknown party, according to the FT report, sought to acces decrypted data on the devices of targeted individuals using the malware, targeting human rights attorneys and using the NSO Group's tools to do so. The malicious code is designed to target communications databases housed on the devices.
WhatsApp reportedly said it had contacted Justice Department authorities.
The investigation is in its early stages, but WhatsApp will have to fight to maintain its reputation among security-minded customers who are worried their data could be compromised not, only by the Israeli company, but by any other individual.
— CNBC's Saheli Roy Choudhury contributed to this report.
Correction: This article has been updated to correctly reflect that the malware in question accesses data already stored on a customer's device.