In 2019, WhatsApp was hacked using sophisticated NSO spyware, Pegasus, used to spy on iOS WhatsApp users’ phones.
By Nicole Allen, Marketing Executive, SaltDNA
One year on from WhatsApp Hack – What’s changed?
In May 2019, SaltDNA published a blog about the latest WhatsApp security vulnerability which was made public on the 13th of May 2019. It was in reference to the sophisticated NSO spyware, Pegasus, being used to spy on unsuspecting iOS WhatsApp users’ phones by recording phone calls, opening messages, and controlling the phone’s microphone and camera. Since this incident WhatsApp has sued the NSO Group, claiming that the cyber attack violated US laws, including the Computer Fraud and Abuse Act (CFAA). This case is ongoing and it is unclear how it will be resolved.
That is not the end of the problem. Just a month after the incident in May 2019 there was a security hack that allowed a hacker to transform an audio call into a video call, without the victim knowing. According to The Independent, researchers from cybersecurity firm, Symantec, uncovered the ‘Media File Jacking’ vulnerability. Android users were now the main targets for this attack. Such a vulnerability gave hackers the ability to “misuse and manipulate sensitive information, for personal gain or to wreak havoc.”
According to The Financial Times, since 2019, there has been a severe escalation in the number of WhatsApp security flaws. With 2 billion users and an open and unrestricted user base, WhatsApp is still the most popular chat app in the world. Consumers are not worried about well-documented security flaws – except maybe for those (prosumers) using it for sensitive business communications. For the CISOs of these users, the increasing number of bugs, trojans, flaws and hacks is becoming more and more difficult to ignore. Does the obvious ease-of-use outweigh the risk?
In January 2020, WhatsApp was put at the forefront of the news again when The Guardian released an article stating that Amazon founder Jeff Bezos believed that an encrypted message sent to him from the Saudi Arabian Crown Prince, Mohammed Bin Salman, injected malicious software onto his phone.
Not surprisingly, it has been revealed that while WhatsApp has typically been the main communication channel for MPs, world leaders, and business moguls, the European Commission has stated that ‘WhatsApp should not be the app of choice’ for those who want to keep their communications private. This decision comes a month after the United Nations claimed that ever since the May 2019 security vulnerability, officials have been barred from using WhatsApp due to security fears.
Then came COVID-19…
The main impact of the global pandemic has been the disappearance of business travel and the closure of many work offices for long periods. Effective remote working requires frequent communication through smartphones, laptops, tablets, and maybe even the odd landline call! There has obviously been a massive increase in the use of real-time communication apps to try to fill the gap in face-to-face meetings. However, there is a good reason why a lot of these meetings would normally take place in person, namely, the sensitivity of the subject matter. With the existence of security flaws associated with WhatsApp and other consumer messaging applications, organizations that deal with sensitive content must be more aware of the risks associated with using these applications.
WhatsApp is a consumer app and by definition, the end-user is in control of how they use the system. WhatsApp has no concept of a corporate admin portal to configure security settings nor does it have a reporting function to ensure compliance.
As a large number of decision-makers within organizations are now being forced to work from home, the continued use of consumer messaging applications poses a great risk for these organizations due to the inherent insecurity of the systems.
The fact remains, a year later, that organizations that deal with sensitive business, government, or client information should not use consumer apps to share information. By choosing a closed system, such as SaltDNA, organizations are protected against the risk of critical and private data being compromised.
SaltDNA understands that encryption is simply not enough to secure data. SaltDNA offers a highly secure platform that provides the same convenient user experience as consumer apps, but in a safer and more secure manner, enabling the customer to have full, centralized control of the system at all times. SaltDNA is the best armour organizations have to protect trade secrets and other sensitive, strategic, and proprietary information, especially during these uncertain times when nearly all communication is taking place via mobile phones. SaltDNA offers a software solution that is more than a secure mobile app: it also offers a web-based management platform that allows for the dynamic provisioning of secure mobile voice and text communications.
To find out more information about the award-winning SaltDNA secure communications platform or to avail of a free trial, please contact our team at firstname.lastname@example.org.
SaltDNA is a multi-award winning cybersecurity company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. SaltDNA offers ‘Peace of Mind’ for organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. SaltDNA is headquartered in Belfast, N. Ireland. For more information, visit www.saltdna.com.
About the Author
Nicole Allen, Marketing Executive at SaltDNA. Nicole completed her university placement year with SaltDNA, as part of her degree studying Communication, Advertising, and Marketing at the University of Ulster. Nicole worked alongside her degree part-time during her final year and recently started full time with the company having completed her placement year with SaltDNA in 2018/19.