Keep Calm and Update Whatsapp
WHAT HAS HAPPENED, and WHY IS IT A BIG DEAL?
NSO group, a secretive Israeli company has been marketing a vulnerability called a ‘Zero Click Zero Day’ vulnerability in Whatsapp for about a year to surveillance agencies and governments. This type of vulnerability is one where the maker of the app itself, in this case, Whatsapp itself was not aware that a vulnerability existed, and so a Zero Day. ‘Zero Click’ because the targeted user does not need to click on anything, or open anything, it happens silently in the background.
STATEMENT FROM OUR SUBJECT MATTER EXPERT: Ankush Johar, Director at HumanFirewall, an award-winning security awareness and end-to-end remediation platform that transforms human behaviour.
“This type of vulnerability is lethal, because ‘Zero Click Zero Day’ type vulnerabilities mean that the attacker is able to infect your phone without you taking any action whatsoever. Just a phone call on WhatsApp and your phone gets infected. It is that lethal.”
“It is yet unclear whether this infection can spread from WhatsApp to the entire device yet, but Whatsapp data itself including calls and messages definitely are. Also, it is not known yet if updating to the latest build removes the infection from an already infected device.”
“It is a big deal because such vulnerabilities are extremely dangerous and can hurt free speech activists, lawyers, critical agencies’ employees, journalists, human rights defenders among others. They think that their conversations are encrypted end-to-end and cannot be intercepted, but with this vulnerability, they can!”
WHY KEEP CALM?
Such vulnerabilities carry multi-million dollar price tags, and unless your conversations are meant to be ultra confidential, and you are involved in handling highly sensitive matters, you are unlikely to have been targeted. This does not mean that you have not been targeted.
For users handling sensitive matters, we recommend that you do a fresh install of Whatsapp, and start afresh, i.e no reloading of backed up data. The infection may get reloaded from the backup data as well.
“The only solution from a consumer perspective lies in becoming suspicious by nature and be always vigilant of such mishaps. Diligently following some good practices mentioned below can always help you safeguard and be in a much secure place” says Ankush Johar, Director at HumanFirewall, an information security platform aimed at altering one’s psychology through simulated attacks and effective training.
Government's e-procurement software hacked, Rs 1.5 crore sipho
It is true that hackers used to hack government websites either to steal cl...
Clean Up of Email In Inbox Could Help Save Energy
It is true that, old e-mails consume energy. E-mail providers store our mes...
Microsoft discontinuing it's Professional Program
Three years ago, when the Microsoft Professional Program launched to to h...