MacDirectory magazine is the premiere creative lifestyle magazine for Apple enthusiasts featuring interviews, in-depth tech reviews, Apple news, insights, latest Apple patents, apps, market analysis, entertainment and more.
Issue link: https://digital.macdirectory.com/i/1134553
NEWS OF A WHATSAPP VULNERABILITY Ah, Facebook — do they ever fail to disappoint? Apple Insider says that WhatsApp, which Facebook owns these days, has shared with the public the news that it fixed a vulnerability in its Voice-over-IP (VoIP) protocol. This wasn’t just any vulnerability, though — this was a serious flaw that allowed hackers to infect devices and install spyware without user knowledge. The flaw affected both Android systems as well as iPhones. Using the bug in the way WhatsApp handled digital phone calls, hackers could call up one of their targets and automatically force that user’s phone to download and run their spyware payload. Victims didn’t even have to pick up the phone or even notice the call; hackers just had to reach out and trigger it on their own. The good news: it only took the WhatsApp team about ten days to fix the problem once it was identified, an impressively quick turnaround, all things considered. The bad news, though, is that there’s no telling how long the bug was in the software before WhatsApp discovered the problem early in May. Oh, and the really bad news? Facebook says that they do know that hackers did, in fact, exploit the flaw this time, affecting an “unknown” number of users with spyware. So how worried should you be about this event? Thankfully, “not very” — and not at all if you don’t use WhatsApp. If you do, though, as long as you’ve done your updates, you should be A-OK to continue without worrying about being affected by this bug. Unfortunately, though, there’s no telling what damage has already been done to others since developers aren’t sure yet how long the flaw was in the code. However, investigations by security researchers into this mess indicate that it may not have been rogue hackers exploiting the loophole, but rather an Israeli vendor called the NSO Group — a team that often works with governments looking to target mobile phone operating systems for intelligence gathering purposes. So, unless your alter ego is secretly James Bond, you’re probably not going to end up in the crosshairs for a targeted malware campaign using a sneaky WhatsApp vulnerability. What if that’s true for you, though? Let’s suppose that you’re a vocal political activist concerned about being targeted for your actions — or maybe you’re just paranoid. Could you know whether you were targeted in this attack? Unfortunately, no. One concern plaguing phone owners right now, especially on iOS, is the lack of tools (official or otherwise) to determine whether your device has been compromised somehow. You’ll have to resort to more basic methods of discerning something is wrong, such as watching battery and bandwidth consumption. If you’re continually using more of these resources than you would normally expect, there may be something wrong with your device. Of course, you can also try deleting apps that you don’t use as a precaution — the fewer apps you have on your phone, the fewer opportunities for one of them to become a conduit for spying on your activities.