The discovery that hackers could snoop on WhatsApp should alert users of supposedly secure messaging apps to an uncomfortable truth: “End-to-end encryption” sounds nice — but if anyone can get into your phone’s operating system, they will be able to read your messages without having to decrypt them.
According to a report in the Financial Times on Tuesday, the spyware that exploited the vulnerability was Pegasus, made by the Israeli company NSO. The malware could access a phone’s camera and microphone, open messages, capture what appears on a user’s screen, and log keystrokes — rendering encryption pointless. It works on all operating systems, including Apple’s iOS, Google’s Android, and Microsoft’s rarely used mobile version of Windows.
Hackers can install the malware simply by calling the target.
It’s important to realize, however, that spyware that can install itself without any action on the user’s part can arrive through any channel, be it an encrypted messenger, a browser, an email or SMS client with an undiscovered vulnerability allowing such an attack.
These are merely applications running on top of an operating system, and once a piece of malware gets into the latter it can control the device in a multitude of ways. With a keylogger, a hacker can see only one side of a conversation. Add the ability to capture a user’s screen, and they can see the full discussion regardless of what security precautions are built into the app you are using.
“End-to-end encryption” is a marketing device used by companies such as Facebook to lull consumers wary about cyber-surveillance into a false sense of security. Encryption is, of course, necessary, but it's not a fail-safe way to secure communication.
Read more at https://www.bloomberg.com/opinion/articles/2019-05-14/whatsapp-hack-shows-end-to-end-encryption-is-pointless