A joint investigation by the Guardian and the French newspaper Le Monde reveal that Bishop Benoît Alowonou and five other critics of Togo’s repressive government have been targeted by the spyware technology in WhatsApp last year. Cybersecurity experts provide an insight on this news,
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
This phone hack over WhatsApp drives the message home that we are all vulnerable to attack. However, too many of us ignore important security warnings and fixes because we\’re too busy to update the software, or we think they\’re not that important to act upon. In many cases, those updates and fixes are the result of discovering vulnerabilities that could have real-world consequences with our data.
WhatsApp is encrypted, meaning data cannot be intercepted by anyone. However, if someone has control of either phone, this is the encryption key and it could be used to send an attack or malware via a link or attachment. Users need to be extra vigilant when clicking on links and opening attachments in any message. Understanding the risks and auto-updating our devices can help mitigate these attacks.
The fact that this security gap was allowed to exist in such a prominent messaging platform is definitely a cause for concern, particularly one which prides itself on user privacy. WhatsApp has an estimated 1.5 billion monthly users, and in developing democracies such as India where WhatsApp counts 200m user base, it has become a substitute for town-square talk. To see it targeting high-profile targets shows the app as a potential disruption to the democratic process from the perspective of high-end targets as well as widespread misinformation. WhatsApp needs to seriously consider how it allowed such an attack to take place if it wants to retain its reputation for privacy.