Messaging Apps Prone to Security Vulnerability: Experts

Technology > Security

Experts are reminding users that there is a risk of cyber attacks on nearly everything that is connected to the internet / Photo by: Christoph Scholz via Flickr

 

Experts are reminding users that there is a risk of cyber attacks on nearly everything that is connected to the internet. The warning comes after the news that the messaging platform, WhatsApp, had been the target of spyware attack by an alleged Israel-based company.

The Facebook-owned platform has since updated the app and encouraged its users to install the updates as protection against "potential targeted exploits designed to compromise information stored on mobile devices," a WhatsApp spokeswoman said, according to CNBC.

But even with the remedy, security experts reminded users that mobile applications are prone to vulnerabilities.

"It’s definitely possible or even likely that at least some other apps will have similar vulnerabilities," Tom Uren, a senior analyst in the Australian Strategic Policy Institute’s International Cyber Policy Centre, told CNBC. "Pretty much the entire suite of apps that ‘talk’ over the internet could be vulnerable."

This weakness is due to the constant updates on apps that introduce new features, according to cyber-intelligence firm S2T founder Ori Sasson.

Even though updates remedy known defects and vulnerabilities on the platforms, Sasson said they could also present new unknown ones. Engineers are able to identify weaknesses in developing and testing software, but it is "literally impossible" to show the lack of vulnerability in a "non-trivial application," the S2T founder added.

CNBC reports Tom Kellermann, chief cybersecurity officer of U.S.-based cybersecurity firm Carbon Black, agreed with that statement.

"The unfortunate reality is that most messaging apps have vulnerabilities that can be exploited by sophisticated cyberspies," Kellerman said, adding there is no messaging platform that is "bulletproof."

He also said that such applications typically ensure the security of transmission of messages between users, but it does not fix all the problems.

A majority of security ratings for these platforms relate to encryption, Sasson said, implying the reduced risk of spying on messages and calls. He noted that WhatsApp, like other chat apps that are "considered secure," has end-to-end encryption.

But in the attack on the Facebook-owned platform, it was a case of "secure application development" instead of how the app ensures the protection of privacy and security, Uren said.