Spyware attack on WhatsApp makes so-called secure messaging applications prone to hacks

WhatsApp has issued an alert to its end-users about fresh software getting loaded onto smart-phones to carry out a spyware assault. This, therefore, makes many of the service's 1.5bn end-users doubt the uncomplicated as also protected messaging application's safety.

Financial Times reports that NSO an Israeli company is the developer of the spyware called Pegasus, which exploited the security flaw in WhatsApp. The malware makes encryption, a feature of the application, almost redundant because it can reach the microphone and camera of a phone, view the messages on it, capture screenshots, as well as log keystrokes entered onto the device. The spyware is functional on any OS, including Microsoft's Windows mobile version, Google's Android and Apple's iOS. www.financialexpress.com posted this, May 16, 2019.

If hackers, as has been discovered, could sneak into the WhatsApp messaging service it raises red alert for end-users about so-called secure messaging applications because they then face an uncomfortable reality i.e. it's nice to hear about end-to-end encryption, however, incase anybody could access an individual's phone, especially its operating system (OS), that person would manage reading both the incoming and outgoing messages devoid of the need for decrypting them. Certainly it's important to have encryption facility but it isn't an all-inclusive method for securing communication.

Meanwhile specialists on cyber-security state, the widely-used platform for social media was recently found to be vulnerable to situation where despite encryption, messages were readable. That has let hackers load sinister code onto smart-phones. Before this, it was thought Pegasus would function only when the target victim would follow one phishing web-link for loading the malicious software. Actually, the hack's technical description, which Facebook Inc., owner of WhatsApp posted, shows that hackers can load their malicious code merely by making a phone call to the target.

Security flaw of the aforementioned type isn't the lone one discovered within certain so-called secure messaging application. The point for realizing though is that spyware, which's capable of loading itself devoid of any user-interaction, can get into a device via any channel, whether an SMS/e-mail client, a Web-browser, or some encrypted messenger that contain a not-yet-found flaw thus enabling the attack.

» SPAMfighter News - 5/18/2019