
WhatsApp was hacked, but is it safe to use now?

Shivam Vahia
The rage has just begun!

A couple of days ago WhatsApp confirmed that its service was compromised in India and more than 1400 users were being spied upon. These users included prominent politicians, journalists, and activists. Right now, the blame is being put on an Israeli cybersecurity firm — NSO.

While there will be some kind of litigation process, suing the intelligence company is going to be tedious. It is also well known that NSO sells its spyware (spy software) exclusively to governments. It’s impossible to point a finger at the culprit, but we need to ensure that our modern means of communication remain safe.

However, there’s more to the story than meets the eye. Obviously, WhatsApp is to blame for the security vulnerability. The obvious source of concern is that the service is claimed to be one of the most secure platforms, with end-to-end 256-bit encryption. So how was someone able to snoop so easily?

So what happened?

  • The spyware used in these attacks is called Pegasus, and it’s capable of collecting historic on-board data, continuously monitoring activity, and transmitting this data to a third party. It can be installed through multiple methods, such as phishing text messages that trick users into clicking a particular link, the over-the-air update system, and more.
  • In the case of WhatsApp, it used a vulnerability in the app that allowed infection through missed video calls. This security gap was plugged by the app back in May this year. India wasn’t the only target, though: Reuters reports that government officials in more than 20 countries have also been targeted via this method.
  • As a first step, WhatsApp says it has directly reached out to the affected users and patched the vulnerability. The company also stands firm that its end-to-end encryption was never compromised and that the spyware leverages flaws in the operating system to target the user.
  • End-to-end encryption ensures that every bit of data sent from your phone is “encrypted”, or in other words, broken down into small pieces like a puzzle. This puzzle is then “decrypted”, or put together, on the receiver’s device. To decrypt data, a key is required, and that key is privately stored and periodically changed. This ensures that no third party is able to access your data while it’s in transit over the internet.

If encryption was working fine, how was Pegasus able to constantly access data?

  • Pegasus is meant to infiltrate smartphones silently, and experts say it can evade forensic audits and anti-virus tests, and even self-destruct if required. WhatsApp’s video call was just a medium to access the phone; Pegasus was ultimately able to function because of gaps or vulnerabilities in the core operating system.
  • Operating systems affected here include Android, iOS, Symbian, as well as BlackBerry. It’s worth noting that BlackBerry OS has a reputation for being rock-solid as far as security goes and is actually trusted by governments and security establishments around the world, so the fact that Pegasus managed to bypass it means this is a huge security risk.
  • WhatsApp’s encryption is irrelevant in this case because Pegasus doesn’t actually break it. Hackers are able to see whatever is on your phone as you see it — data is already decrypted and in a readable format.
  • OS makers are already aware of Pegasus’ existence. Google calls the spyware Chrysaor and has a detailed page available on it. Apple’s iOS was proven to be affected way back in 2016, and iOS security update v9.3.5 patched all vulnerabilities that let Pegasus survive. However, the attack did prove that even a closed ecosystem like that of Apple can be compromised without a hint.

How can you stay safe?

  • Firstly, stop blaming WhatsApp. Researchers are confident that any other instant messenger that’s touted to be more secure, like Signal or Telegram, would meet the same fate. The standard industry encryption practices are safe enough. Though yes, WhatsApp needs to buckle up and ensure there are no more mediums or open gateways for hackers to exploit.
  • Google recommends you continue updating your device to the latest security patch, obviously. It also goes on to mention that apps on the Play Store are scanned for the presence of Pegasus and are safe. Meaning, refrain from installing .apk files and rely only on trusted marketplaces to install new apps.
  • Don’t fall victim to phishing. In simpler words, click only on links you trust. If some randomly forwarded messages on WhatsApp say you’ve won the lottery, you definitely haven’t. Look at the URLs and only tap on identifiable sources. Browser-based vulnerabilities are widely common, and if not Pegasus, there are chances you may fall victim to simple online fraud.
