WhatsApp Is Lacking In Security

But then the people behind it don’t care about security. How Hackers Broke WhatsApp With Just a Phone Call.

A new Financial Times report alleges that the notorious Israeli spy firm NSO Group developed a WhatsApp exploit that could inject malware onto targeted phones—and steal data from them—simply by calling them. The targets didn’t need to pick up to be infected, and the calls often left no trace on the phone’s log.

Apparently the latest patch fixes some of the problem, and they are “doing infrastructure upgrades” to also address the issue. But WhatsApp is all about convenience. And convenience is in many ways the enemy of security.

“This does indeed sound like a freak incident, but at the heart of it seems to be a buffer overflow problem that is unfortunately not too uncommon these days,” says Bjoern Rupp, CEO of the German secure communication firm CryptoPhone. “Security never was WhatsApp’s primary design objective, which means WhatsApp has to rely on complex VoIP stacks that are known for having vulnerabilities.”

They bad guys are targeting high-profile dissidents and political activists. So probably bad-states.

Advertisements