Another day, another hack! The world has once again witnessed one of the notorious cyber-attacks — Facebook-owned WhatsApp recently made headlines as it the world-renowned messaging platform recently patched a severe vulnerability that was being exploited by attackers. Also, The vulnerability CVE-2019-3568 was so severe that it allowed cybercriminals to compromise the platform and install spyware through WhatsApp voice call.
Talking about the spyware — Pegasus spyware, it was weaponized and sold by one of the world’s most renowned Israeli cyber intelligence company NSO Group. This company is also ill-famous for producing some of the most advanced spyware the world has ever witnessed. Also, NSO Group’s same spyware was responsible for targeting human rights activists and journalists from Mexico and the United Arab Emirates.
Coming to the capabilities of this notorious spyware, it is capable of compromising platforms via calls, texts and other data. That is not all, it is also capable of activating the users’ phone’s camera and microphone without leaving any trace afterwards.
Currently, the globally popular messaging app is urging its users to update the application as soon as possible as it has fixed the flaw and released an update.
Who Were Affected?
Until now the number of compromised of affected users have not been confirmed yet. However, according to Citizen Lab, a watchdog group at the University of Toronto, the NSO Group targeted a UK-based human rights lawyer.
How to figure out if you are if? it is always considered to be a good practice to confirm. One of the ways to confirm is by checking if you have ever received any unknown WhatsApp call or dropped the call. If you haven’t received, then there are chances that you are not among the fallen victims of this hack.
Also, you work in a big, sensitive organization with access to some sensitive data then there chances that you might have become a target as the hack was focused on people and organizations with data that can be used in an adverse way.
Is Privacy Of User Data A Myth?
Over the years, the world has witnessed some of the biggest and filthiest cyber-attacks, causing damage not only to the organisation but also to a huge population. Technology giants like Google, Facebook etc. are actively working towards mitigating and eliminating cyber-attacks, however, technology advancements seem to work in favour of the wrongdoers too. While companies across the world are busy strengthening their cybersecurity infrastructure, hackers are also seeking and finding out newer ways to exploit even the strongest cybersecurity infrastructure.
The news of Facebook’s data leak didn’t even fade completely that the recent Facebook-owned WhatsApp hack has created doubt among the users globally — Will users across the world ever be safe from cyber-attacks? Is privacy on user data has always been a myth? What steps should be taken to keep safe from these notorious hacks?
WhatsApp has 1.5 billion users in 180 countries. So, you can imagine how much damage this hack could do. It was so powerful that it would work on almost every device — from Android to iOS phones — and access to everything on the mobile devices.
The bitter truth here is chances are really less that we will ever be completely safe on the internet. However, instead of sitting hands down, there are certain steps that could be taken by both organisations and users.
A provider of cybersecurity solutions Check Point did in-depth research on this attack and has come up with a way to ensure users data safety and that is a mobile threat defence solution to prevent spyware from gathering intelligence on their targets. According to the firm, the solution should involve ways to identify advanced rooting and jailbreaking techniques should be able to detect unknown malware and prevent malicious outbound communications to command and control servers.
This is a never-ending war — as technology continues to advance, cyber threats will also advance. Cyber threats will keep coming and all we can do is be prepared for and keep strengthening out cybersecurity infrastructure.