WhatsApp hack highlights dangers for business
![unified communication news](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBMHFERGc9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--613b7714b8c134c94d5d8f6bf3cd7ad6f4fd776f/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lKYW5CbFp3WTZCa1ZVT2d0eVpYTnBlbVZKSWcwM05UQjRORFV3WGdZN0JsUT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--22f36025483381dac86038fbdf0dfe915eb1b311/whatsapp.jpeg)
The communications industry is calling for organisations to stop using consumer-grade, free apps when handling sensitive or commercial information. For people with jobs where security is paramount, for example, journalists, humanitarians, activists or special services working in unfriendly regimes, a phone that has been hacked via an app could put life at risk. For others, the risk of individual’s private information or commercial data being accessed will damage an organisation’s brand integrity and share price. This comes after WhatsApp was recently targeted by cyber criminals.
Daniel Follenfant, Senior Manager Penetration Testing, Consulting Services NTT Security commented, “The hacking of WhatsApp’s messaging service is a classic example of a Buffer overflow attack.
Buffer overflows aren’t new, but you don’t often see them these days and this attack is particularly clever because it uses this flaw to gain access to a phone without the user even answering.
In its simplest form Buffer overflows are a way of writing code to an area of the application in memory that will then be executed. The WhatsApp exploitation resonates the classic but more sophisticated buffer flow attack. To carry this out the attacker had to deceive the receiver by making a call and then send the sending packets of data during the process of the call- once the packers transfer are complete; the packet execution forces what’s app internal buffer to overflow, overwriting the apps security and allows surveillance capability on encrypted chat, eaves drop on calls and microphone and control the camera.
There is nothing you can do about this; it is a design flaw and WhatsApp has quickly addressed the problem by releasing a patch for applications already running and the new versions do not appear to be susceptible.”
David Holman, Director at Armour Comms said; “This latest case of a serious vulnerability in a consumer-grade app highlights the dangers of using free apps, and that they are simply not robust enough for business. While such apps claim that they are secure because they are encrypted, there is so much more to security than just encryption. Encryption is rarely the weakest link, and therefore, unlikely to be targeted by hackers.
“While this particular exploit may have been to target people with specific jobs, there are various other everyday hacks that can be executed relatively easily by low level criminals against these types of product that put users’ data at risk. Breaches of GDPR are a risk to every type of business and come with significant fines.”
In 2018, German automotive supplier Continental AG banned its workers from using the messenger services WhatsApp and Snapchat on company phones, due to concerns about GDPR compliance and general security.
Holman continued; “These free apps proliferate by stealth through organisations, unless firms take positive action, like in the case of Continental AG last year. There are enterprise-grade apps available that provide the same convenient user experience of consumer grade apps, while keeping the user in control of their data and metadata. Some of these apps, like Armour Mobile, have been certified by the National Cyber Security Centre (NCSC), so users can be confident that the software is secure by design.”
Dan Boddington, Systems Engineer, StarLeaf commented “The latest WhatsApp exploit is an extremely severe security hole. Despite instant messaging becoming a growing part of our culture of communication, social platforms are often unwisely used for the businesses. This example clearly demonstrates that there are many organisations aggressively hunting for flaws in consumer applications for commercial gain and for use by third parties. Consumer apps are not designed for business usage. Therefore, it is the responsibility of every employee to only adopt the right solutions to minimise risk and protect users’ data (company & customer). Secure messaging specifically engineered for the enterprise enables a more mobilised workforce to meet and message more effectively, as well as remain data compliant.”
These issues are discussed at length in a recent episode of Comms Business Live where WhatsApp was referred to as a “Time bomb” for businesses.
Source: commsbusiness
Industry: Unified communication news
![Banner Default Image](https://www.dclsearch.com/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBdytMRGc9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--683221fba4088f48e5f9c99e2719b73064c09cee/banner-default.jpg)
Latest Jobs
-
- Network & Security Consultant
- Spain
- Upto €54000 per year and benefits
-
Senior Network & Security Engineer to join a Managed Network & Security Team in Europe. In this critical role, you will: Play a pivotal role in managing and securing network infrastructure across datacenters, customer connections, and on-premise deployments. Proactively monitor network and security devices, analyse incidents, and implement solutions to ensure optimal performance and security. Collaborate with colleagues and customers to troubleshoot issues, troubleshoot outages, and implement effective resolutions. Lead and participate in network system installations for new facilities and expansions. Develop and maintain network infrastructure procedures, recommend technical strategies, and propose improvements to enhance network capabilities. Stay up-to-date on the latest network and security technologies and trends. Work as part of a collaborative international team, contributing to team presentations and knowledge sharing. To be successful, you'll need: Proven expertise in Cisco network solutions (CCNP R&S/Sec/Wireless preferred)for both BAU and project work. In-depth knowledge of network security principles and experience with Fortinet firewalls. Experience deploying and managing large, complex network infrastructure (routing, switching, wireless, security). Solid understanding of ITIL v3 framework for incident, change, and problem management. Excellent troubleshooting skills with experience using Wireshark or similar protocol analysers. Strong communication and teamwork skills, with the ability to work independently and collaborate effectively.
-
- Security Analyst - Internal role. London commutable. £50,000
- London
- £50,000
-
Security Analyst - Internal role. London commutable opportunity. Operational Security - Investigate, escalate and proactively work to ensure household name remains protected. Project Security - Coordinate, log change requests with project delivery teams to meet security requirements Policy / compliance - work with team to aid in uplifting these as and where needed This role is role to investigate, escalate and proactively work to protect a globally recognised brand. You must have current hands on operational analytical security experience with Microsoft technology stack Someone with a SOC Analyst / security engineering background would be well suited. This position will join a small team and would suit someone that has broad experience across the security threat landscape. Experience / knowledge across industry GRC standards such NIST, ISO27001 etc would be advantageous. You will work across multiple teams proactively working to secure the business. Must be able to commute to Central London 3 days a week. Visa sponsorship not available Apply today to find out more.
-
- Network & Security Consultant
- Romania
- €54000 plus benefits
-
Senior Network & Security Engineer to join a Managed Network & Security Team in Europe. In this critical role, you will: Play a pivotal role in managing and securing network infrastructure across datacenters, customer connections, and on-premise deployments. Proactively monitor network and security devices, analyse incidents, and implement solutions to ensure optimal performance and security. Collaborate with colleagues and customers to troubleshoot issues, troubleshoot outages, and implement effective resolutions. Lead and participate in network system installations for new facilities and expansions. Develop and maintain network infrastructure procedures, recommend technical strategies, and propose improvements to enhance network capabilities. Stay up-to-date on the latest network and security technologies and trends. Work as part of a collaborative international team, contributing to team presentations and knowledge sharing. To be successful, you'll need: Proven expertise in Cisco network solutions (CCNP R&S/Sec/Wireless preferred) for both BAU and project work. In-depth knowledge of network security principles and experience with Fortinet firewalls. Experience deploying and managing large, complex network infrastructure (routing, switching, wireless, security). Solid understanding of ITIL v3 framework for incident, change, and problem management. Excellent troubleshooting skills with experience using Wireshark or similar protocol analysers. Strong communication and teamwork skills, with the ability to work independently and collaborate effectively.
-
- Network & Security Consultant
- Hungary
- Upto €54000 per year and benefits
-
Senior Network & Security Engineer to join a Managed Network & Security Team in Europe. In this critical role, you will: Play a pivotal role in managing and securing network infrastructure across datacenters, customer connections, and on-premise deployments. Proactively monitor network and security devices, analyse incidents, and implement solutions to ensure optimal performance and security. Collaborate with colleagues and customers to troubleshoot issues, troubleshoot outages, and implement effective resolutions. Lead and participate in network system installations for new facilities and expansions. Develop and maintain network infrastructure procedures, recommend technical strategies, and propose improvements to enhance network capabilities. Stay up-to-date on the latest network and security technologies and trends. Work as part of a collaborative international team, contributing to team presentations and knowledge sharing. To be successful, you'll need: Proven expertise in Cisco network solutions (CCNP R&S/Sec/Wireless preferred) for both BAU and project work. In-depth knowledge of network security principles and experience with Fortinet firewalls. Experience deploying and managing large, complex network infrastructure (routing, switching, wireless, security). Solid understanding of ITIL v3 framework for incident, change, and problem management. Excellent troubleshooting skills with experience using Wireshark or similar protocol analysers. Strong communication and teamwork skills, with the ability to work independently and collaborate effectively.