WhatsApp, which boasts end-to-end encryption and high-level security, disclosed 12 vulnerabilities in 2019, seven of which were described as critical, according to a report by the Financial Times.
The issue highlights potential issues with the app, which is widely seen as safe for people to use as a messaging service. The U.S. National Vulnerability Database, which is run by the U.S. government, said the number of vulnerabilities is a significant increase from previous years, when only one or two vulnerabilities were found.
WhatsApp has been in the news lately because Jeff Bezos, the founder and CEO of Amazon, commissioned a report after he alleged that his phone was hacked through a video message by Saudi Crown Prince Mohammed bin Salman in 2018.
The investigators couldn’t find concrete evidence of whether it was the messaging service or the iPhone X that were to blame. Facebook, which owns WhatsApp, said the iPhone was responsible for the hack.
Nick Clegg, Facebook’s head of communications, said that he thought there was something that “affected the phone operating system,” and that he felt “very, very confident” that the WhatsApp tech had not been an issue in terms of exploitation.
Experts in the field say the vulnerabilities show that WhatsApp has had some issues that haven’t been addressed in a while.
“The fact that they found … serious vulnerabilities in 2019 but didn’t find them before doesn’t mean they just appeared,” said Marc Rogers, executive director of cybersecurity at Okta and head of the security team for the world’s largest hacking conference, DEF CON. “Many of those were likely sitting in there all that time, and there’s a very high chance they were being [exploited].”
Rogers added that the data “strongly suggests” that WhatsApp hadn’t been taking security of the app very seriously. Some say that Facebook was trying to blame Apple for the issue.