The vulnerabilities uncovered in phones raise the question of what allows attackers to install spyware on targeted phones and gain access to personal data such as messages, photos, calls.
One of the recent attacks is known as Pegasus. This spyware can infect your phone with a simple WhatsApp call. Worse still, you don’t have to open this call from WhatsApp. A single call is all it takes and he can gain access to the device. The attacker can then manipulate the call logs to hide their malicious activity.
The good news is that WhatsApp has fixed this security issue with a patch. The bad news is that many people are unaware of such an attack and still haven’t updated their WhatsApp. Although this problem has been resolved, it comes to mind whether messaging services such as WhatsApp are really reliable in protecting our personal data.
Pegasus and NSO Group
According to the report in the Financial Times, this access is then used to install spyware, which is claimed to be Pegasus spyware produced by NSO Group. NSO is currently in the investigation phase of these events.
According to some observations, even if Pegasus software was used in these attacks, it is thought that a customer who sells the software is behind these attacks, not NSO itself.
If you’ve just heard of Pegasus and it doesn’t sound too familiar, this spyware sold by NSO is used as a precaution in the fight against terrorism and crime. The company states its software, “We provide tools to support government officials to legally solve dangerous problems in today’s world. “Governments use our products to prevent terrorism, disrupt criminal operations, find missing people, and assist search and rescue teams.”
When good software turns bad
Even if Pegasus and similar software are produced for good purposes, they always have the potential to be abused. Repressive regimes can use powerful spyware to root out opposition, to spy on opposition.
There are also allegations that Pegasus was used in the capture of Mexican drug lord Joaquin Guzman. However, on the contrary, it is said that Pegasus has been used to target the UAE human rights activist Ahmet Monsoor.
In late 2018, Saudi dissidents filed a lawsuit alleging that Pegasus was used in the murder of journalist Jamal Khashoggi (Cemal Khashoggi). Apart from that, Amnesty International also sued for several points that showed that Pegasus was used by governments to spy on human rights defenders.
Can encrypted messaging services really be secure?
WhatsApp promises its users security and privacy with end-to-end encryption. On its site, the company explains that “just like your messages, your WhatsApp calls are end-to-end encrypted, so WhatsApp and third-party applications cannot listen to your conversations.”
However, if the actual application itself has a security hole, encryption does not make much sense, the device is completely broken, which is exactly what happened to WhatsApp. The real question here has to be, can a piece of software actually be safe? However, it is not possible to give any guarantee in this regard. So the short answer to the question is, no.
Etienne Greeff, co-founder and CTO (Chief Technology Officer) of SecureData, said, “The underlying operating systems like iOS may seem secure, but the ecosystem including all the applications in the operating system is very complex and it is difficult to make it completely secure. hard. Also, zero-day security tools that can be used to protect these complex systems can be very efficient.”
Daniel Follenfant, senior manager at NTT Security, says keeping apps safe is a constant battle, and if they were completely secure we wouldn’t need to constantly release updates with security patches.
In these times when the issue of security and privacy is very important, technology companies also promise their users to keep their data safe. WhatsApp is one of these companies and it should be using the highest security technology. These companies need to minimize these damages very quickly in case of security vulnerabilities.
Relatively comforting in recent attacks is that this software concentrates on selected and targeted people rather than spreading from users to users like a virus. According to the news in The Guardian, the targets known so far are human rights lawyers and researchers in the UK.
If you are not dealing with this kind of work or you have not received any calls from WhatsApp recently from a number you do not know, you are safe. However, the fact that services such as WhatsApp with 1.5 billion users are caught in such vulnerabilities makes people nervous, and also excites the hackers.
What can you do to keep your data safe?
First of all, you need to keep your operating system and the applications installed on your devices in the most up-to-date version. Although WhatsApp has released a security patch quite quickly in the last incident, those who do not update its application are still vulnerable to a possible attack.
Daniel Follenfant states that users should avoid reusing their passwords. “One of the things to think about is to use the same password for everything,” Follenfant says. “For example, if you are a member of a fishing forum and use the same password on Amazon, the attacker will target the less secure forum instead of targeting Amazon.”
Here, we recommend our readers to use different passwords for each platform you use and provide your information.