InfoGuard AG (Headquarter)
Lindenstrasse 10
6340 Baar
Switzerland
InfoGuard AG
Stauffacherstrasse 141
3014 Bern
Switzerland
InfoGuard Deutschland GmbH
Landsberger Straße 302
80687 Munich
Germany
The security breach at WhatsApp caused turmoil, and not just among experts, but also for private individuals. This means that cyber security is no longer just an issue for companies, but for all of us. Our cyber security experts will explain to you how the WhatsApp hackers went about it and how you can make your smartphone secure!
Last week, it became public that WhatsApp, the instant messaging service provider, had been hit by a serious security breach (see also our Chief Consulting Officer, Franco Cerminara, being interviewed for the Tele1 News). The breach allowed attackers to execute code on the user's smartphone without the user being involved. The attacker only had to call the victim – it couldn't be simpler! The attacker uses a vulnerability in the implementation of the VoIP signalling protocol SRTCP (Secure Real-time Transport Control Protocol) from WhatsApp. This allowed them to transmit a malcode without even a call being answered. The operator of WhatsApp, Facebook, has issued a warning and instructed users to update the app immediately.
The vulnerability (CVE-2019-3568) is very complex. It is presumed to have been developed by the israeli company NSO Group to enable its customers to install Pegasus surveillance software on target devices. NSO states that it only licenses its own products to governments and does not select targets for attacks itself. NSO software is used, for example, to monitor suspects from the world of terrorism or organised crime. The Citizenlab vulnerability was also discovered in the same way. Citizenlab is a canadian organisation that campaigns for civil rights. As Citizenlab has revealed, various human rights activists (including Amnesty International) have clearly been victims of these attacks.
After the vulnerability became public knowledge, Facebook immediately released a security patch for Android (version 2.9.134) and iOS (2.19.51). Check with your co-workers to see if the latest version of WhatsApp has been installed. If not, you need to update devices urgently. The vulnerability can be rated as being critical, when you consider how widespread WhatsApp is – and not just in private life.
Irrespective of the current WhatsApp hack, the secure use of mobile devices by employees is a difficult thing for companies to control. An important factor here is that their use for personal and business purposes is becoming more and more blurred. What many people don't realise is that for hackers, smartphones are ideal devices for spying on people. What in reality are "high-performance computers" are equipped with various sensors (camera, microphone, acceleration sensor, GPS localisation, etc.) and they can connect to the Internet almost anywhere. This was also pointed out by the renowned cyber security guru Bruce Schneier at the InfoGuard talk last year.
This means that it is important for your employees to learn how to use smartphones securely. This way they are not only protecting their own privacy and security, but also the company's privacy and security. What needs to be taken into account when handling smartphones & co. in a secure way? We have put together for you the 6 most important tips:
As you can see, the danger is lurking everywhere, and an employee's private mobile device can quickly become a security risk for your company. Of course, employees don't deliberately fall victim to cyber attacks. They often simply do not know the right way to behave. Change this and make your employees aware of the issues of security awareness.
InfoGuard can offer you security awareness training courses that, among other things, teach you how to use smartphones securely. Be it workshops, e-learning courses, live hacking or internal awareness communication, our experts will help you and all your employees to make your company a more secure place!