What’s Up With WhatsApp?

A cybersecurity breach in Facebook’s WhatsApp app last month left users vulnerable to spyware attacks via voice calls. An undetermined number of the 1.5 billion users of the popular messaging app may have had malicious spyware installed on their devices.

Let’s take a closer look at the security breach and the steps you can take to protect yourself, both now and in the future.

What happened?
Security breaches are old news in the app world, but a breach of extremely high magnitude and reach is something new and fairly frightening. The fact that the breach hit WhatsApp is especially alarming. WhatsApp utilizes strong encryption for both voice and text messaging and is used as a communication platform for government and security officials around the world.

Here’s how it went down:
A government-grade intelligence collection tool was employed to target WhatsApp users via voice calls. The spyware is able to seize control of affected smartphones and to access any private information stored on the device.

The spyware utilized in the attack was allegedly created by the NSO Group, an Israeli cyber surveillance company that has developed this advanced technology for the express purpose of allowing government agencies to infiltrate terrorist groups and to fight crime. Unfortunately, when the spyware fell into the wrong hands, it helped scammers pull off one of the greatest cybersecurity breaches of all time.

The Financial Times reported that the WhatsApp breach was made possible because of a loophole in the app’s code that allowed hackers to transmit spyware onto smartphones by calling targets through the app. The malicious code could be injected into the device whether the user picked up the call or ignored it.

According to WhatsApp, the cyber breach was first discovered in early May and had been used to target an undisclosed number of WhatsApp users. The Facebook-owned messaging company claimed it briefed human rights organizations about the breach and also asked U.S. law enforcement agencies to assist it in conducting an investigation. When WhatsApp had more definite information, it notified the public about the breach.

Who was affected?
It doesn’t matter what kind of phone you have; the security vulnerability affects both iPhone and Android devices. The good news is that not every version of WhatsApp was affected. To check whether the version on your phone was among those impacted by the breach, see Facebook’s official advisory confirming the vulnerability, which outlines which versions were affected.

The messaging giant has not confirmed a specific number of targeted victims. Rather, it has only shared that a “select number of users were targeted through this vulnerability by an advanced cyber actor.”

What do I need to do now?
Since the vulnerability that caused the breach lies in the makeup of the app and not in an unsafe or negligent practice in the hands of a user, there is no way you could have prevented your device from being affected. However, now that the facts are on the table, you can take the recommended steps to keep your device safe from this vulnerability.

Since the breach was discovered, WhatsApp engineers have been working hard to close the app’s security vulnerability. The company has started rolling out a fix to its servers and to private customers. It has also created an updated, safer version of the app and has urged all users to install it on their devices as soon as possible.

Here’s a quick guide for updating your WhatsApp.

  • For iPhone users: Open the App Store, choose updates, select WhatsApp and then click Update.
  • For Android users: Open the Play Store, click the three lines in the upper left-hand corner, choose My Apps & Games, select WhatsApp and then hit Update.

If you haven’t yet updated your device, do it now. It only takes a few seconds of your time to make sure your WhatsApp is operating at its safest level.

You never know when those scammers are going to hit next. Practice safe measures by always using the latest version of any application or operating system, keeping yourself in the know about recent security breaches and never sharing sensitive information online.

Stay safe!

Your Turn:
How do you keep yourself safe from security breaches? Share your tips with us in the comments.

SOURCES:

https://www.iol.co.za/news/south-africa/gauteng/consumerwatch-what-you-should-know-about-whatsapp-breach-23607175

https://www.people.com/human-interest/whatsapp-security-breach-update-app/amp/

https://www.forbes.com/sites/zakdoffman/2019/05/14/whatsapps-cybersecurity-breach-phones-hit-with-israeli-spyware-over-voice-calls/amp/

Ransomware And Mobile Devices

One moment, you’re surfing the internet. A minute later, a pop-up shows your files have been taken hostage and that you’re required to pay a $300 ransom to have them released back to you. You stare at the screen in disbelief. How is this possible, especially considering you are on your mobile device?

Ransomware – malware that gets into your computer system and blocks access to your files until a ransom is paid, all while stealing your payment information – has become more prevalent among PC users. These attacks typically focused solely on PCs, but they are now adapting to include mobile devices. That’s right, the very same mobile devices you use to access your credit union accounts to check balances, transfer funds and make payments.

One example of Russian-based mobile device ransomware is called “Svpeng.” It focuses on tactics for infecting mobile phones and mobile banking applications. When the application is opened, the malware displays a phishing window on top of it. This overlay attack is used to steal online banking information, as the malware pretends to be the application’s login screen. The user enters login and password information, which is then stolen by the hackers. Once they have access to the account, they can control it. Svpeng also phishes through Google Play if that is on the mobile device.

This tactic also involves SMS messages being sent to two Russian banks to determine if the phone number of the device is connected to any payment cards. If a card is indeed connected to a number, the hackers use commands through the device to transfer the victim’s money into their own accounts. While Svpeng has currently been seen only in Russia, it is expected to expand into other countries; one of the features of the ransomware checks the mobile device’s language settings to determine the appropriate language to use for the attack.

As time goes on, other PC-based ransomware programs may also be adapted for mobile devices, or more ransomware programs that are specifically designed for mobile devices may be created. Hackers are always looking for ways to evolve their tactics in hopes of stealing more information and making immediate profits. Svpeng, for example, had 50 modifications to its malware within a three-month period.

How does this type of malware get onto a PC or a mobile device? It could be through a “drive-by download” where malicious software is downloaded without the user even knowing about it. This happens as the user surfs the internet without a care, yet comes across a compromised webpage or clicks to a website through an HTML-based email. It could have been downloaded through a phishing email, which appears to be from a credit union, yet is a fake email linking to a compromised webpage. The ransomware could also come through an email attachment that is malicious.

After the infection occurs on the mobile device or PC, the overlay or ransomware tactics are used as was described with Svpeng. That way the hackers can either directly steal the login and password information when the credit union account is accessed, or the user is blackmailed by a direct ransomware attack to send money to unlock the mobile device.

Many of the ways ransomware can be prevented from infecting a PC are the same for prevention on a mobile device. Make sure data on a mobile device is regularly backed up. This will help with recovering information if the device is hijacked. Make sure an antivirus program is running on the mobile device. Follow safe web browsing habits. Block suspicious emails.

Don’t download data or apps from questionable sources. Don’t “jailbreak” a device where built-in controls and security features are overridden; this removes an additional layer of protection against ransomware attacks.

If you think your mobile device has become a victim of ransomware, you can try to remove it by running a virus scan through mobile antivirus software. Don’t pay any ransom because it won’t guarantee the release of your data and you are giving additional payment information to the hackers. If none of these work, talk with your mobile device or cellular provider or their tech support. Of course, notify your credit union to monitor your accounts for any potentially fraudulent activity.

Beware of Intel Patch Scams

Last month, we learned that millions of processors throughout the world were vulnerable to hackers. The problems, known as Spectre and Meltdown, lie within chips of computers and smartphones, making them nearly impossible to fix or replace. To protect consumers, all major technology companies have created updated versions for their devices’ security and distributed patches to protect against these flaws.

Millions of users have installed updates and patches, despite technical glitches and other minor inconveniences.

However, hackers are now exploiting the fearful climate following the newsbreak. The criminals have built a malicious app that’s cleverly disguised as a patch that allegedly protects the victim’s computer against the vulnerabilities.

Arm yourself with the right information to protect yourself and your devices against this nefarious scheme.

How it works
A panicky consumer searches online for a patch. They easily find one and proceed to click on the helpful link promising to install the patch. Instead of a patch, they’ve actually just installed a malicious app granting hackers complete access to their device.

In Germany and Australia, the hackers sent emails impersonating the countries’ federal security agencies. The emails urged the recipients to click on the embedded link, and they were then directed to bogus government sites where they were instructed to download a patch. Of course, this “patch” was nothing but a malicious app.

So far, the scam has not reached the U.S. on this level, but harmful apps and downloads have made their way to American shores.

Recognizing a malicious site or app
Only the big technology companies whose names you will easily recognize, like Intel, Microsoft, Apple and Google, are issuing true patches. To determine if a patch is indeed being distributed by one of these companies, verify the URL. The patches should be sent directly from these companies and not via any other parties or websites. If you don’t recognize the site, don’t download the patch! The best way to obtain an authentic patch is to contact these companies yourself and follow their exact directions.

If you’ve been sent a link for a patch that looks like it comes from one of these companies, first check it for authenticity. Hover over the link to see the URL it leads to, and verify that it comes from a reliable source.
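
As an added illustration (not part of the original article), the checks a careful reader makes by eye when hovering over a link can be written out in Python. The vendor domain list and the sample links are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains of the four vendors the article names.
VENDOR_DOMAINS = ("intel.com", "microsoft.com", "apple.com", "google.com")


def link_verdict(url):
    """Return (trusted, reason) for a link that claims to lead to a vendor patch."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if "@" in parts.netloc:
        # Text before '@' is a username, not the site being visited.
        return False, "text before '@' hides the real host"
    if not host:
        return False, "no host"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        # Internationalized names can contain look-alike letters.
        return False, "internationalized host, possible look-alike"
    for domain in VENDOR_DOMAINS:
        # Exact match or a true subdomain only. A substring test would accept
        # a vendor name placed in front of someone else's domain.
        if host == domain or host.endswith("." + domain):
            return True, "host is under " + domain
    return False, "host is not under a listed vendor domain"


# Constructed sample links (not taken from the article or any real campaign).
SAMPLES = [
    "https://www.intel.com/security/patch",
    "https://intel.com.patch-update.example/fix",
    "https://www.microsoft.com@patch-update.example/fix",
    "https://micr\u043esoft.com/patch",  # Cyrillic 'o' in place of Latin 'o'
    "http://www.apple.com/patch",
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, reason = link_verdict(link)
        print(("OK      " if trusted else "REJECT  ") + link + "  (" + reason + ")")
```

Only the first sample passes. The others fail because the vendor name appears somewhere other than the end of the host, the host contains a look-alike letter, or the link is not HTTPS.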

If you’ve been contacted by a party you don’t recognize regarding a patch, ignore it and alert the authorities.

Online safety
It’s always a good idea to practice good internet hygiene.

  • Never click on links embedded in emails or social media messages from unknown sources.
  • Before clicking a link, let your cursor hover over it to see the URL it will go to.
  • Never share personal information online unless you are absolutely positive about the recipient’s authenticity.
  • Be wary of using public Wi-Fi.

Your Turn:
How do you spot and protect yourself from online scams? Share your best tips with us in the comments!

SOURCES:
http://www.zdnet.com/article/windows-meltdown-spectre-watch-out-for-fake-patches-that-spread-malware/
https://www.google.com/amp/bgr.com/2018/01/17/meltdown-spectre-malware-disguised-patch/amp/
https://www.google.com/amp/amp.timeinc.net/fortune/2018/01/29/microsoft-windows-intel-spectre-fix
https://www.staysmartonline.gov.au/alert-service/beware-scam-emails-offering-patches