What’s up with WhatsApp?
On Tuesday 14th May 2019, WhatsApp users were urgently directed to update their app. This came after the FT reported on Monday 13th May 2019, that a vulnerability in the WhatsApp voice libraries was being exploited to allow sophisticated spyware to be pushed directly to victims’ smartphones. Compromised devices would be prone to theft of much, if not all, sensitive information.
Facebook, the owners of WhatsApp, acknowledged that the hack was discovered in early May but did not share information about how many users were affected. Our guess is that it wasn’t many – but we’d bet that those who were targeted were high value individuals who used WhatsApp thinking that it was somehow a safe haven communications system.
It is widely reported that the Israeli cyberarms company – NSO Group, which is well known for selling technology exploits to Governments, provided the technology. It is believed that they used this exploit to deploy the Pegasus spyware onto unsuspecting iOS WhatsApp users’ phones.
Once Pegasus is installed on a user’s smartphone, the attacker can record phone calls, open messages, control the camera and microphone, and view location data.
Why would they use WhatsApp?
WhatsApp is the ideal app to carry out an attack like this. With ~1.5B users, it is the perfect example of a successful consumer communication app. Immediately after installing WhatsApp you share your personal contact list with them – joining their global directory. If another user on the system has your number – regardless of whether you know them or not – there is nothing preventing them from “just calling you”.
Why organisations shouldn’t be using Consumer apps for business: Salt Communications’ CEO Joe Boyle stated, “This attack could not have happened on the Salt Communications system. This latest WhatsApp hack emphasises the threat posed by consumer apps with open contact lists and directories. Claiming that an app is ‘secure’ simply because it uses encryption for the messages is a mistake. Security requires control and management around the encryption and Salt provides this protection better than anyone else on the market today.”
Threats imposed by using an open system:
For organisations where privacy is crucial, such as in the legal field, large enterprise or security services functioning within Government, the use of a consumer app to carry out your communications is high risk.
Salt Communications’ high security system provides the same convenient user experience as consumer apps but in a safe and protected manner, enabling the customer to have full, centralised control of the system at all times. Salt Communications’ Enterprise is the best armour organisations have to protect trade secrets and other sensitive, strategic and proprietary information when communicating on mobile devices. It is a software solution that is more than a secure mobile app: it has a web-based management platform for dynamic provisioning of secure mobile voice and text communications.
We understand the security of mobile communications in today’s global business environment is paramount, that’s why Salt Communications is built with the features and technology to keep your communications private and compliant.
If you have any questions about this article, please contact us on firstname.lastname@example.org and we’d be happy to assist you in any way.
About Salt Communications
Salt Communications, ranked in the top half in the Cybersecurity 500, provides a fully enterprise-managed software solution that enables absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. The Salt Communications Desktop and Mobile apps are intuitive and easy to install and use. Salt Communications’ Communication Manager provides a console for tight management of users and can be configured for the management of regulatory compliance. Salt Communications is headquartered in Belfast, Ireland, for more information visit saltcommunications.com.