The WhatsApp hackers still have access to huge numbers of phones because people are not updating the app

christian wiediger/unsplashYour phone is vulnerable to attack unless you update WhatsApp.

WhatsApp has said very little about a major hack this month – and it shows.

An alarming number of people are failing to update the Facebook-owned app, leaving the door open for bad actors to get their hands on personal information, including messages and data location.

That’s according to research by Wandera, a smartphone-security company that counts Rolex, Deloitte, General Electric, and Bloomberg among its customers.

Wandera helps secure the smartphones of employees at these companies, and it has more than 1 million devices under its management, 30% of which have WhatsApp installed.

That means it can see whether the users of 300,000 devices have taken Facebook’s advice and updated WhatsApp to patch the security vulnerability, which was first spotted by the Financial Times.

Read more

: WhatsApp users are being urged to update the app immediately after it was hacked – here’s how to get protected

As of Thursday, Wandera found that 80.2% of iOS devices within this pool of 300,000 were not updated, while 55.4% of Android devices were also vulnerable.

Just one of Wandera’s customers, who it declined to name, had 5,000 vulnerable devices on its books, the company said. That’s a lot of people effectively inviting in hackers to steal their personal and professional data.

The hackers, who have not been identified, gained access by exploiting a vulnerability in WhatsApp’s call functionality to install surveillance technology developed by Israel’s NSO Group. Even if the target doesn’t take the call, the malware is able to infect the phone.

Read more: Facebook’s sluggish response to the WhatsApp hack shows it’s still not learning from catastrophic errors in the past

WhatsApp has not notified users directly about the issue, and security isn’t mentioned as part of the app update process on the Apple App Store and Google Play Store. Instead, WhatsApp has issued a statement through the press urging people to update.

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” Facebook said.

In an interview with CNBC on Thursday, Sheryl Sandberg, Facebook’s chief operating officer, said the firm’s investment in safety and security enabled its engineers to find the WhatsApp hack. “Because we’re putting more engineers on looking for bugs, looking for vulnerabilities, we found this, we shut it down,” she said.

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.