Liz Truss continues to be the talk of the town. With new investigations due to the hacking of her phone, this is the latest in several government scandals involving personal messaging devices.
One critical problem at the highest level of power is WhatsApp usage. This poses a huge danger to our national security, which must stop now. An alternative is needed.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
The power of phone hacking software Pegasus must never be underestimated as its sheer presence on a target phone can be terrifyingly invasive. Its quiet, under the radar delivery method enables it to monitor the vast majority of a device and those targeted will have no idea of its residence. The spyware is able to read messages, see real time location and even listen in by taking control of the microphone and once deployed on a device, it is extremely difficult to remove Pegasus and will remain compromised. High profile people such as politicians are often targeted so it is extremely important they keep their personal phone number private and to change it immediately if ever leaked. It is also imperative that they keep their phones up to date and patched with the latest security updates to reduce the chance of such attacks
An immediate government inquiry into the alleged phone hack is needed. Thus far the lesson is to presume compromise and act accordingly. We are talking about the most obvious of targets that everyone should assume are in the crosshairs: senior ministers of one of the most powerful nations on earth, aligned with a country at war with a pariah nation with demonstrated cyber capabilities and the will to hack. At a minimum, no high-ranking government officials should be using personal phones and devices to conduct any business. But I’d guess that many officials around the world are doing it. Also, let’s not forget in a digital world, that we also have to secure their cars, homes, family phones, family iPads, etc.
Overall, as the value of a target goes up, so should the attention to detail and the security measures. Simply having “normal” measures isn’t enough when dealing with the leadership of a nation like the United Kingdom. Secondly, politics clearly played a role here. Whether or not the former Prime Minister Boris Johnson hid the breach of Liz Truss’s phone from the media, measures were hopefully taken to remediate it.
While UK government officials claim there are robust security measures in place to prevent cyber-attacks, enforcement should really get stronger as rank increases. This is true in government as much as in the private sector and should be an object lesson to executives everywhere to make sure to not flex the muscles of privilege to get exemptions. The crosshairs of criminals and foreign powers are on you. For real.
Today, we lack any information on how the alleged breach occurred, making it impossible to draw parallels with other similar compromises of senior officials in governments past, present or future. As details of the compromise are learned, it will become even more political, so whether it is done publicly or under the aegis of national security is irrelevant so long as lessons are learned and security improves.
A government-level messenger needs to be secure, ensure all conversation and data stays on government-owned hardware, and that there’s an auditing function for record-keeping (just like email).
WhatsApp, and personal messaging apps are totally inappropriate in the workplace as they are none of these things.
WhatsApp is a free consumer-grade messaging app that is owned by Meta, the parent group of Facebook – a US company that makes its money by data mining its users. That WhatsApp is routinely used by the UK government is truly astonishing and should be of considerable concern.
The UK’s ICO has already warned against the use of WhatsApp within the government. The SEC has issued more than $1B in fines to banks for using WhatsApp.