- “It’s definitely possible or even likely that at least some other apps will have similar vulnerabilities,” said Tom Uren, a senior analyst at the Australian Strategic Policy Institute’s International Cyber Policy Centre.
- Messaging platforms usually secure the transmission of messages between users, but that’s not a “panacea,” said Tom Kellermann, chief cybersecurity officer of Carbon Black.
It’s not just WhatsApp: almost everything connected to the internet is at risk of cyberattacks. That’s what experts are emphasizing following news that the messaging platform had been targeted by spyware.
The vulnerability in the world’s most popular messaging platform, which was first reported by the Financial Times, allegedly allowed an Israel-based company to install malware onto both iPhone and Android phones. The security weakness reportedly could have been used to tap calls made with the app.
A spokeswoman said Facebook-owned WhatsApp encouraged users to update the application in order to protect against “potential targeted exploits designed to compromise information stored on mobile devices.”
But even after the patch, users should keep in mind that there will always be vulnerabilities in mobile applications.
“It’s definitely possible or even likely that at least some other apps will have similar vulnerabilities,” said Tom Uren, a senior analyst in the Australian Strategic Policy Institute’s International Cyber Policy Centre. “Pretty much the entire suite of apps that ‘talk’ over the internet could be vulnerable.”
That’s because the apps are “constantly updated” to introduce new features, said Ori Sasson, founder of cyber-intelligence firm S2T.
“While updates can fix known defects and vulnerabilities, they can insert new unknown ones,” he said. In software development and testing, engineers can identify weaknesses, but it is “literally impossible” to prove the absence of a vulnerability in a “non-trivial application,” he added.
Tom Kellermann, chief cybersecurity officer of U.S.-based cybersecurity firm Carbon Black, echoed that sentiment.
“The unfortunate reality is that most messaging apps have vulnerabilities that can be exploited by sophisticated cyber spies,” he said. “No messaging service is bulletproof.”
Such platforms usually secure the transmission of messages between users, but that’s not a “panacea,” Kellermann said.
Most security ratings for such platforms relate to encryption, which implies reduced risk of eavesdropping on messages and calls, explained Sasson. He noted that WhatsApp, like BBMe and other apps that are “considered secure,” has end-to-end encryption.
In the case of the WhatsApp attack, however, it was about “secure application development” rather than how well the app protects privacy and security, said Uren of ASPI, a Canberra-based think tank.
Security shouldn’t be an ‘afterthought’
The onus is on developers to create secure apps, said experts, although one added it may not be realistic to expect a group to identify all vulnerabilities.
“For a consumer, there is very little you can do except update your apps and operating system as bug fixes and updates get released,” said Uren…