Does Jeff Bezos’ WhatsApp Hack Mean WhatsApp is Unsafe?
Following the news of Jeff Bezos’ phone hacking via WhatsApp, questions about the messaging app’s safety are being asked by its 300 million daily active users.
The lack of understanding around whether a file sent via WhatsApp may or may not be able to corrupt a phone to obtain data, indicates just how important it is to be educated about cybersecurity. With that in mind, read on for an expert’s insight into the Amazon CEO’s security breach.
What happened?
It’s reported that Bezos received an encrypted message from Saudi Prince Mohammed bin Salman, which contained a ‘malicious, infected video file that infiltrated the phone’. This led to ‘large amounts of data being exfiltrated . . . within hours.’ This has since been claimed as ‘absurd’ by Saudi Arabia.
So, what do the experts say on this?
CEO Today heard from Institute of Directors Ambassador for Cybersecurity, Rob May on the matter: “If the news about Jeff Bezos’ alleged phone hacking is correct, then it perfectly illustrates that there is no such thing as guaranteed online security, and that people misunderstand what protection they have in place.”
“The story is based on the use of WhatsApp (purchased by Facebook in 2014), which is by far the most used messaging app – due in no small part to its promise of privacy and security. There is confusion here however; the primary security feature is end-to-end encryption. This means that messages can only be seen by the message sender and receiver. It means that if a message was intercepted whilst in transit, the message would simply be an unreadable encrypted file. WhatsApp state that even they can’t read their users’ messages. This layer of messaging security does not, however, fully protect the user.
In the Amazon CEO’s case, I have no doubt that the end-to-end encryption worked perfectly as intended. I believe that the issue was actually that the message included a video file which contained Mal(icious-soft)ware, which then transmitted a large amount of data from the phone over a number of weeks.
How to avoid cybersecurity breaches on WhatsApp
In my experience, the majority of WhatsApp users do not change any of the app’s security settings. The default action for videos (whether infected or not) is unfortunately to automatically download them – and herein lies the problem.
Those who haven’t enabled security settings on their phone and on WhatsApp, I would really encourage to do so. Turn on security settings in your account, and stop automatic downloads by going to Settings > Data & Storage > Media Auto-Download.
It’s worth saying that WhatsApp isn’t flawed. Any platform that has such ubiquitous use will be targeted and used as a form of cyberattack. People need to be continually educated and helped to understand the risks that their online connected lives present.
It’s worth saying that WhatsApp isn’t flawed. Any platform that has such ubiquitous use will be targeted and used as a form of cyberattack. People need to be continually educated and helped to understand the risks that their online connected lives present.
What CEOs can learn from this cyberattack
After looking closely at the technicalities of the breach, the primary take-away for CEOs is to stay informed. Ensure that all devices including phones, tablets, laptops and desktops are all fully protected using cybersecurity software, and by putting in place any security measures provided by the device (as detailed above for WhatsApp).
Many CEOs are known to almost disregard cybersecurity concerns because they feel that such matters fall under the responsibilities of the IT team. While IT professionals are trained in the field, and are therefore more likely to be able to identify problems early on, the fact is that cybersecurity should be everyone’s issue.
Rob May is the Founder and Managing Director of IT Support & CyberSecurity business ramsac. He is the IoD Ambassador for CyberSecurity and an international keynote speaker on the subject.
