Electricity + Control 2019

CYBER SECURITY

Lessons learnt from the WhatsApp hack

I t recently came to light that there had been a targeted attack in WhatsApp. It was report- ed that hackers were able to install surveillance software on phones and other devices remote- ly, exploiting a vulnerability in the popular global messaging app. This latest attack reminds us once again how vulnerable mobile devices are. Often used for per- sonal as well as business communications, mo- bile devices are one thing most of us never leave home without. WhatsApp is installed on 1.5 billion devices worldwide. The attack reportedly successfully installed spyware on an unknown number of tar- geted devices. Unbeknown to these WhatsApp users, the attackers obtained complete access to everything on their mobile devices: personal and corporate information, email, contacts, camera, microphone, and the individual’s location. WhatsApp, subsequently, is encouraging cus- tomers to update the app on their devices as quickly as possible and to keep their mobile oper- ating systems up to date. The attackers used the vulnerability to insert malicious code and steal data from Android and iPhone smartphones simply by placing a WhatsApp call, even if the victim did not pick up

the call. The spyware erases all logs of the call so that victims remain unaware that their device has been hacked. The WhatsApp hack illustrates that despite their best efforts, Apple and Google cannot com- pletely secure the users of mobile devices running their operating systems. In order to ensure users are properly protected, a mobile threat defence solution must be in place to prevent spyware from gathering intelligence on its targets. According to Check Point Software Techno- logies, the solution involves several steps: - Identifying advanced rooting and jailbreaking techniques - Detecting unknown malware - Preventing malicious outbound communica- tions to command and control servers. All the steps above must be enabled as a best defence to prevent sophisticated attacks like the WhatsApp hack. If spyware is detected after in- fecting the device it is too late. The priority is to ensure that the attack is prevented before it in- fects the mobile device. If, however, the device becomes infected, it’s critical that no data should be extracted from of the device. Check Point’s SandBlast Mobile and ZoneAlarm

Mobile Security offer protection from sophis- ticated cyberattacks on mobile devices.

Electricity + Control

JUNE 2019

39