New generation malware and ways of protection: What you need to know
infosec tweaks

New generation malware and ways of protection: What you need to know

Every day we hear about new attacks by hackers on companies, organizations, and even individuals. The worrying is that the scammers ...
Read More
infosec

Google Play Protect protects your device from malware. Turn it on!

Due to the recent vulnerability of WhatsApp that enabled hackers to remotely install spyware on both ...
Read More
infosec

Hackers stole sensitive NederWoon customer information

A home rental company, NederWoon, has been hit by hackers. Hackers managed to get into the company's systems ...
Read More
infosec

Snapchat: Employees are spying on users with the SnapLion tool

According to a report from the Motherboard, employees of Snap, the company behind Snapchat, use the ...
Read More
infosec

TalkTalk: 4.500 customer bank information was found on the internet

Recently, it has come to light, a case of violation, which has been a matter of concern to us in the past. This is the data leakage ...
Read More
Latest Posts

End-to-End encryption of WhatsApp is a scam

end

As he says Bloomberg, it was recently discovered that hackers spied users through the app WhatsApp, which proves that End-to-End encryption can sound very good, but it also conceals a dark side. When someone can get into your phone's operating system, they can also read your messages without having to decrypt them first.

The Pegasus spyware, which was created by the Israeli NSO, was the one that exploited vulnerability in the application, according to a reference of the Financial Times. Malware could access the phone's camera and microphone, open messages, record what appears on the device screen, and also record that the user is typing, making encryption useless. It can affect all operating systems, from Apple's iOS, Google Android to the most commonly used version of Microsoft Windows.

Its existence is known in the community of cybersecurity and there are too many who have repeatedly banged the alarm. However, the NSO itself says it does not have Pegasus anywhere, and that it is deactivated in the United States.

Until recently, it was believed that Pegasus could affect a user only after he clicked on a phishing link to install the malicious software. However, according to a statement from the owner of WhatsApp, Facebook Inc., it seems that now hackers can install the malware simply by calling their target phone.

It is not, of course, the only vulnerability of this kind that has been discovered in a hypothetically secure messaging application. Last year, security researcher Ivan Ariel Barrera Oro from Argentina wrote about a similar flaw in Signal. In this case, a hacker could send a specially configured Internet address via a message to the application that installed malicious software.

It is important to understand, of course, that a spyware that can be installed without requiring any action on the part of the user can come from everywhere when there is some vulnerability that has not been repaired.

Applications running over an operating system can allow a malware to control a device in many ways. With a keylogger, a hacker can only see one side of a chat. But if he can access a user's screen, he can keep track of his conversations regardless of the security precautions built into his application.

End-to-End encryption is a marketing device used by companies like Facebook to reassure consumers who are cautious about cyber-surveillance. Encryption is of course necessary, but it is not a secure way of communicating.

Government and private hackers are working hard on new methods for developing malware with operating system privileges. Companies such as NSO are at the forefront of this important project, which can help in terrorism and prevent attacks - or imprison dissidents and stop the revolutions against dictatorial regimes.

The incident with WhatsApp is likely to increase reactions to NSO and may affect Pegasus' export license from the Israeli government. But even if this particular business stops developing malicious software, there will certainly be others who will take their place.

The hard truth is that as much as we do not want it, the digital world is a dangerous part, and whatever security measures we take, there will always be a risk of our data being compromised.

Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *