The biggest U.S. gasoline price surge in years is running out of steam just in time for the start of the summer driving season.Energyread more
Stocks rose on Friday, but notched weekly losses as investors worried the U.S.-China trade war is hurting economic growth.US Marketsread more
The combination of mounting recession fears, bets on a more cautious Fed and a regular uptick in market volatility could spell more losses.Marketsread more
The therapy, Zolgensma, is a one-time treatment for spinal muscular atrophy — a muscle-wasting disease and leading genetic cause of infant mortality, affecting 1 in every...Biotech and Pharmaceuticalsread more
SpaceX has raised just over $1 billion in financing since the beginning of the year.Investing in Spaceread more
An analyst for Ark Invest, which has a major investment in Tesla, says recent drastic price-target cuts by others on Wall Street are missing the big picture.Investingread more
A federal judge in California has blocked President Donald Trump from building sections of his long-sought border wall with money secured under his declaration of a national...Politicsread more
Former Foreign Minister Boris Johnson is seen as the bookmaker's favorite to succeed outgoing Prime Minister Theresa May.Europe Politicsread more
The race is underway to find a vaccine that can control African swine fever, a highly contagious and deadly viral infection ravaging China's hog population. There is currently...Agricultureread more
Apple bought Tueo Health, which was developing tech to help parents monitor asthma symptoms in children, using a mobile app and commercial breathing sensors.Technologyread more
What users may not have expected, however, was that their conversations could potentially be tapped by a third party — another company with the means to create powerful malware that could intercept protected conversations, as reported by the Financial Times on Monday. The report outlines allegations that an Israel-based company was able to successfully install malware that could have been used for surveillance on phone calls made over the app.
WhatsApp confirmed the vulnerability of its app, but did not name the perpetrator.
"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," a spokesperson told CNBC in a statement Monday. "We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users."
The Financial Times named Israel-based cyersecurity company, NSO Group, for the incident. WhatsApp has already indicated the attack looks as though it was conducted by a private company that works with governments to deliver spyware, and a "select number" of users were targeted.
NSO Group is best known for its reported, though not confirmed, role in assisting the FBI in opening the phone of the San Bernardino mass shooter after Apple fought an FBI request to do so.
"NSO's technology is licensed to authorized government agencies for the sole purpose of fighting crime and terror. The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions," NSO Group said in a statement. The company emphasized that it does not use the hacking tools itself, and the tools are "solely operated by intelligence and law enforcement agencies."
"We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system," the company said, though it did not clarify whether the WhatsApp issue represented a "misuse" of its tools, but a person familiar with the company said only licensed government intelligence and law enforcement agencies use its tools for "specific terror or criminal threats or investigations."
The claims could raise serious problems for WhatsApp's reputation, which has been built on the privacy and security of the end-to-end encryption in its very popular texting and voice calling application.
End-to-end encryption means data sent via WhatsApp is scrambled in transit, and only understandable by the party sending it and the party receiving it — whether the data is in the form of texts, pictures or voice conversations. It's a major selling point for the application.
WhatsApp's security in transit has made it a popular choice for people wishing to communicate "out of band" — off regular, unencrypted or corporate communications channels — about all manner of personal information, including everything from legal and business matters to personal or political problems.
An unknown party, according to the FT report, sought to acces decrypted data on the devices of targeted individuals using the malware, targeting human rights attorneys and using the NSO Group's tools to do so. The malicious code is designed to target communications databases housed on the devices.
WhatsApp reportedly said it had contacted Justice Department authorities.
The investigation is in its early stages, but WhatsApp will have to fight to maintain its reputation among security-minded customers who are worried their data could be compromised not, only by the Israeli company, but by any other individual.
— CNBC's Saheli Roy Choudhury contributed to this report.
Correction: This article has been updated to correctly reflect that the malware in question accesses data already stored on a customer's device.