As he says Bloomberg, it was recently discovered that hackers spied users through the app WhatsApp, which proves that End-to-End encryption can sound very good, but it also conceals a dark side. When someone can get into your phone's operating system, they can also read your messages without having to decrypt them first.
The Pegasus spyware, which was created by the Israeli NSO, was the one that exploited vulnerability in the application, according to a reference of the Financial Times. Malware could access the phone's camera and microphone, open messages, record what appears on the device screen, and also record that the user is typing, making encryption useless. It can affect all operating systems, from Apple's iOS, Google Android to the most commonly used version of Microsoft Windows.
Its existence is known in the community of cybersecurity and there are too many who have repeatedly banged the alarm. However, the NSO itself says it does not have Pegasus anywhere, and that it is deactivated in the United States.
Until recently, it was believed that Pegasus could affect a user only after he clicked on a phishing link to install the malicious software. However, according to a statement from the owner of WhatsApp, Facebook Inc., it seems that now hackers can install the malware simply by calling their target phone.
It is not, of course, the only vulnerability of this kind that has been discovered in a hypothetically secure messaging application. Last year, security researcher Ivan Ariel Barrera Oro from Argentina wrote about a similar flaw in Signal. In this case, a hacker could send a specially configured Internet address via a message to the application that installed malicious software.
It is important to understand, of course, that a spyware that can be installed without requiring any action on the part of the user can come from everywhere when there is some vulnerability that has not been repaired.
Applications running over an operating system can allow a malware to control a device in many ways. With a keylogger, a hacker can only see one side of a chat. But if he can access a user's screen, he can keep track of his conversations regardless of the security precautions built into his application.
End-to-End encryption is a marketing device used by companies like Facebook to reassure consumers who are cautious about cyber-surveillance. Encryption is of course necessary, but it is not a secure way of communicating.
Government and private hackers are working hard on new methods for developing malware with operating system privileges. Companies such as NSO are at the forefront of this important project, which can help in terrorism and prevent attacks - or imprison dissidents and stop the revolutions against dictatorial regimes.
The incident with WhatsApp is likely to increase reactions to NSO and may affect Pegasus' export license from the Israeli government. But even if this particular business stops developing malicious software, there will certainly be others who will take their place.
The hard truth is that as much as we do not want it, the digital world is a dangerous part, and whatever security measures we take, there will always be a risk of our data being compromised.