WhatsApp, a Facebook-owned messaging app that boasts end-to-end encryption, alerted its base of 1.5 billion users to security concerns earlier this month.
The company said WhatsApp was vulnerable to a spyware injection through the app’s call function. The spyware affects all previous iOS and Android versions of the app; users were urged to install an update that addresses the security gap. The event has made headlines in major news outlets, and it has been a major topic of conversation within the cybersecurity community.
The spyware program in question, built by Israeli developers at the NSO Group, enables full remote access to a target’s phone. NSO Group, which develops programs for intelligence agencies, claims it neither could nor would use the software to target any person or organization. But reports indicate that a limited number of users — including a human rights lawyer in the U.K. and a researcher for Amnesty International, “which is fighting for the NSO Group to have its export license withdrawn by Israeli government” — had been identified as victims.
In the aftermath of the WhatsApp breach, analysts have been exploring the topic of end-to-end encryption and how effective it is. Certainly, encrypting data is an important part of protection. However, claims of end-to-end encryption as a good-enough security protection have come under fire. Much like locking your doors and thinking you’re completely safe, disregarding other areas of vulnerability can have hazardous results.
There is no magical bullet for cybersecurity, consumer and enterprise alike. Keeping data safe requires a combination of strategies and tools to address potential gaps across networks, systems and applications. Thus, end-to-end encryption is just one piece of the puzzle. If anyone claims a single tool or service can fully guard your data, view those claims with skepticism.
Lunarline supports organizations of all sizes with services and products that help identify and close down threats across the network infrastructure. Our applications, consulting services and training programs can help you bolster your internal resources, while managed security services offer a solution for bridging gaps in your security infrastructure.
For more information on how we can help, contact one of our specialists online today.