WhatsApp Zuck?

 In ITC's Threat of the Week

As some of you may be aware, a fair number of us Security types are more than a little suspicious of WhatsApp, believing it to be a monster vector for potential infiltration of private devices which may be used by Nation State (perish the thought) or simply malicious criminals (punctuation entirely deliberate).

So suspicious are we that many of us do not use the application, preferring instead tools like Wire or even the Jihadi’s favourite Telegram, we have written about this repeatedly.

It therefore came as no surprise to us that prior to recent patches, and for at least three months, one of those really annoying short looping GIFs (oh how very clever you are, we would rather you give us a Shakespeare or even Schwarzenegger quote any time) could have had nasty code embedded which when played on WhatsApp would have infected your Android phone.

As we have said before “WhatsApp has serious access to your device’s facilities and also (unlike Wire or Telegram for instance) accepts inbound calls from World+Dog”.

In what can only be a monster coincidence, this week has seen the start of what will certainly be a lengthy dispute between Facebook (which you will recall purchased WhatsApp for over 19 beeelion dollah in 2014) and the Governments of the UK (not pretty), the USA and Australia who have written an open letter to The Mighty Zuck, that his plan to tighten end to end encryption on Facebook messaging platforms (who knows, maybe they will merge them!) is an affront because: “Unfortunately, Facebook has not committed to address our serious concerns about the impact its proposals could have on protecting our most vulnerable citizens. Security enhancements to the virtual world should not make us more vulnerable in the physical world”.

Citing protection for the vulnerable and specifically referring to the activities of paedophiles, these governments are demanding backdoors into messaging platforms. Legitimate surveillance of legitimate suspects can only be a good thing, however using old school wiretap (man in the middle, or at least to the side in new parlance) does look like it is running out of time and Law Enforcement might have to come up with a new plan, especially against a backdrop of proven mass surveillance. Playing the paedo card is a cheap stunt, don’t you think?

Whilst researching this blog, we discovered that there is a Scottish dialect version of Wikipedia, which has proven hugely distracting. Here is what they say about WhatsApp:

WhatsApp Messenger is a freeware, cross-platform an end-tae-end encryptit instant messagin application for smartphones. It uises the Internet tae mak vyce caws, ane tae ane video caws; send text messages, eemages, GIF, videos, documents, uiser location, audio files, phone contacts an vyce notes tae ither uisers uisin staundart cellular mobile nummers.”

Apologies if either you already knew about Jockipedia or you didn’t, in which case we will see you at tea with the Mad Hatter.

Regular readers will know that we often josh about uber cyber criminals having hidden lairs, bunkers, islands and the like, mwahahaha. This week, astonishing news that for the second time, a couple of the aforementioned crims have been busted for running nefarious dark web activities in none other than a former nuclear bunker. If you fancy starting up a business like this alternate, less obvious hosting options are available!

If you would like any advice on securing private messaging, leasing a former nuclear bunker or anything else cyber security related, we would as ever love to hear from you. Contact us at: [email protected] or call 020 7517 3900.

Wishing the home nations all the best in The Rugby World Cup. Next week’s missive is coming live from Japan.

P.S. As we were saying.

Author: Kevin Whelan

Recent Posts

Leave a Comment

Tel:
+44 (0) 20 7517 3900