NSO Group, a secretive Israeli company, has been marketing a ‘Zero Click Zero Day’ vulnerability in WhatsApp to surveillance agencies and governments for about a year. It is a ‘Zero Day’ because the maker of the app, in this case WhatsApp, was not aware that the vulnerability existed. It is ‘Zero Click’ because the targeted user does not need to click on or open anything; it happens silently in the background.
STATEMENT FROM OUR SUBJECT MATTER EXPERT: Ankush Johar, Director at the human firewall, award-winning security awareness and end-to-end remediation platform that transforms human behavior.
“This type of vulnerability is lethal, because ‘Zero Click Zero Day’ type vulnerabilities mean that the attacker is able to infect your phone without you taking any action whatsoever. Just a phone call on WhatsApp and your phone gets infected. It is that lethal.”
“It is yet unclear whether this infection can spread from WhatsApp to the entire device, but WhatsApp data itself, including calls and messages, definitely are. Also, it is not known yet if updating to the latest build removes the infection from an already infected device.”
“It is a big deal because such vulnerabilities are extremely dangerous and can hurt free speech activists, lawyers, critical agencies’ employees, journalists, human rights defenders among others. They think that their conversations are encrypted end-to-end and cannot be intercepted, but with this vulnerability, they can!”
WHY KEEP CALM?
Such vulnerabilities carry multi-million dollar price tags, and unless your conversations are meant to be ultra confidential, and you are involved in handling highly sensitive matters, you are unlikely to have been targeted. This does not mean that you have not been targeted.
For users handling sensitive matters, we recommend that you do a fresh install of WhatsApp and start afresh, i.e., no reloading of backed-up data. The infection may get reloaded from the backup data as well.
“The only solution from a consumer perspective lies in becoming suspicious by nature and being always vigilant of such mishaps. Diligently following some good practices mentioned below can always help you safeguard and be in a much more secure place,” says Ankush Johar, Director at the human firewall, an information security platform aimed at altering one’s psychology through simulated attacks and effective training.
Some Good Practices For Users To Be Safe:
Always install the latest versions of iOS/ Android on your phone as these organizations work towards better security every day.
Apple iOS How to update: https://support.apple.com/en-us/HT202180
Android How to update: https://support.google.com/googleplay/answer/113412?hl=en
Think twice before using a device that does not support Software Updates.
Manually check for any updates to WhatsApp on the App Store or Play Store and install them if available.
Only download applications from certified play stores and not from the web.
2014 The Global Indian New Network (TGINN)