Critical WhatsApp Vulnerability, Facial Recognition Ban, Wormable Flaw in Windows



This is your Shared Security Weekly Blaze for May 20th 2019 with your host, Tom Eston. In this week’s episode: A serious spyware vulnerability in WhatsApp, San Francisco bans facial recognition, and a wormable vulnerability in older Microsoft systems.

Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer.

Hi everyone, welcome to the Shared Security Weekly Blaze where we update you on the top 3 cybersecurity and privacy topics from the week. These podcasts are published every Monday and are 15 minutes or less, quickly giving you “news that you can use”.

Facebook has revealed a major vulnerability in its popular WhatsApp messaging app which is used by 1.5 billion users. This vulnerability allows malicious spyware to be installed by initiating a call over WhatsApp’s voice calling feature. The vulnerability is so serious that the spyware would be installed even if the call wasn’t picked up. WhatsApp said that only a select number of users were victims and that the vulnerability affects all but the latest version available for Apple iOS and Android. Now it should be no surprise that this spyware was also linked back to the infamous Israeli NSO Group which is known for selling highly advanced spyware to governments and nation states. We’ve mentioned the NSO Group many times on the podcast before when we had talked about their Pegasus spyware which can read messages, turn on the microphone and camera and completely take over the device. Of course reports say that the NSO Group has denied any involvement in the WhatsApp vulnerability. WhatsApp has fixed the vulnerability and if you happen to use WhatsApp you need to update to the latest version immediately.

What’s really disturbing about a vulnerability like this is that you as the victim can’t really do anything to protect yourself, except not have the app installed. We’re seeing more of these types of vulnerabilities and many of them are taking advantage of zero-day vulnerabilities where only the exploit developer has the exploit, and the device manufacturer like Apple is unaware. This is not going to be the last time we see something as dangerous as this so our best advice is to keep your device and apps always updated. That’s about all you can do to protect yourself, or just not use a mobile phone.

The other controversy around the WhatsApp vulnerability I want to talk about was a related story that came out in a Bloomberg article which said that end-to-end encryption is nothing but a marketing gimmick. The article went as far as to say, quote, “End-to-end encryption is a marketing device used by companies such as Facebook to lull consumers wary about cyber-surveillance into a false sense of security.” End quote. First of all, this is wrong and extremely misleading. But don’t take my word for it, the cybersecurity community reaction on social media was swift to dismiss the FUD being thrown in this article. Look, zero-days and app vulnerabilities aside, end-to-end encryption is not a gimmick. It’s a real and very important technology to protect your information. End-to-end encryption has nothing to do with this particular vulnerability as the exploit completely compromises the device, not the transit of messages themselves, which is what end-to-end encryption protects. Oy vey. Check out our show notes to read this terrible article for yourself. And let’s hope news organizations like


Published on 6 years, 7 months ago





