Why the WhatsApp hack DOESN'T mean you should stop using the messaging app

Mirror
16 May, 2019

WhatsApp's reputation as one of the world's most secure messaging apps took a battering this week, when it emerged that hackers had managed to install spyware on some users' phones by simply calling them through the app.

The spyware, developed by secretive Israeli cybersecurity and intelligence company NSO Group, allowed hackers to trawl through victims' calls and texts, switch on the phone's camera and microphone and carry out other malicious activities.

They managed all this in spite of WhatsApp's "end-to-end encryption", which means that when you send a message it's scrambled and securely locked, so only the recipient can unlock it with a special key on their phone.

The security measure has been criticised by politicians and intelligence agencies - with former Home Secretary Amber Rudd accusing WhatsApp of providing "a secret place for terrorists to communicate with each other".

But what this week's hack shows is that even encryption isn't enough to keep online communications private.

While end-to-end encryption prevents messages being intercepted as they travel across the internet, it does not stop hackers who have installed spyware on a user's device from reading messages after they have been decrypted.

"The news that a vulnerability in WhatsApp has enabled hackers to inject spyware onto phones demonstrates why end-to-end encryption alone isn't enough to deliver the privacy and security users expect," said Wai Man Yau from cyber security firm Sonatype.

"It's comforting to see that WhatsApp has acted so quickly to roll out a fix, but for a business that has hinged so much of its marketing strategy on its security capabilities, this attack will worry its customer base."

Richard Dennis, founder of cryptocurrency temtum, agreed that the hack shows encryption is not the silver bullet people think it is.

"This attack does nothing to break or crack the encryption, as it attacks the phone directly, so the hacker can hear the data pre-encryption and post-decryption," he said.

"It's a constant arms race for intelligence agencies and tech companies in keeping user data secure, for what now equates to billions of users for some applications.

"With an attack like this, a user can do nothing to prevent it, or even know it was being conducted on them - often thinking because all texts and calls are 'end-to-end encrypted' they are therefore safe - unfortunately that is not yet the case."

Of course, this doesn't mean that encryption is pointless. It still plays a very important role in protecting people's communications at their most vulnerable point - when they are in transit.

It also doesn't mean you should stop using the app - unless you plan on taking yourself offline altogether.

While there are plenty of other chat apps out there, vulnerabilities can be found in any tech, so there is no guarantee they wouldn't experience a similar security breach - plus you have to persuade your friends to switch too, which is no mean feat.

As the world's biggest messaging app, WhatsApp is bound to be a prime target for hackers. But equally, being owned by Facebook, it has deep pockets and near-infinite resources to resist these attacks.

The fact that this vulnerability has been identified and dealt with swiftly means that WhatsApp is slightly more secure than it was a week ago.

So as long as you've installed the latest update on your phone, there's no reason you shouldn't carry on using the app.
