One of the most popular phrases, until recently, for a computer security expert was: "but is WhatsApp safe? Can I use it for work?"
The answer, generally, had always been the same: "I wouldn't use it for work, but at most to communicate with friends and family".
Then, with the advent of cryptography end-to-end and in particular with the advertising that was given to an eminently technical event, the question was no longer heard. Everyone felt automatically reassured and it no longer made sense to ask the question.
But is it really like that?
The advent of cryptography end-to-end apparently, given the answer that everyone wanted to hear: "now you are sure, you can use WhatsApp to do everything you already do without admitting it, but now you are sure". Of course it was just an illusion, but it was what everyone wanted to hear and therefore it became reality.
Here, however, to come from nothing, or rather from one of the most advanced countries in the cyber sector, disillusionment. His name is Pegasus, like the winged horse born from the blood of Medusa ...
Pegasus is a software created and sold all over the world by the NSO group, an Israeli company founded in 2010 for 70% owned by the American group "Francisco partners". NSO claims to develop "technology that enables government intelligence and law enforcement agencies to prevent and investigate terrorism and crime". Technologies that are officially destined to the Israeli, American and European countries governments.
Pegasus he was not born today, for some years he has heard about it, but today he had the notoriety because WhatsApp is a system employed by more than a billion people e Pegasus, in this case, it turned from a winged horse to a Trojan horse, allowing hackers, governmental or otherwise, to carry out espionage activities on smartphones on which WhatsApp is installed.
Now a detailed explanation of how it works could follow Pegasus and how this exploited the vulnerabilities of WhatsApp, but I don't think it would be understandable for everyone. More useful, in my opinion, to give some suggestions to readers ...
First: there are no "secure" IT systems at 100%, they never existed and will never exist, whatever they tell you. The thing must be accepted and managed.
Second: is it possible to use WhatsApp? Yes, like any other communication software. Today it turned out that Pegasus exploits vulnerabilities of WhatsApp, tomorrow we will discover something else about other software. The rule of point one applies: there is no security at 100%. The systems are used to manage risk. Think about solving the problem of secure communications by uninstalling WhatsApp from the smartphone is a pure illusion!
Third: what can we do immediately? Simple, verify that WhatsApp has been updated to the version put in a few days ago. If it is not, update it. There are several versions of WhatsApp therefore, depending on the smartphone's operating system, it is necessary to understand which version is right but there are many sites from which to take information. In this case I personally contacted Kaspersky, so among the links you will also find a link to an article in Italian where the main versions of WhatsApp.
Fourth and last: never forget that the cybersecurity it is not a game and if you own a company or are a manager of a public facility, organize yourself to "manage the risk" and always doubt who assures you security at 100%.
To learn more:
https://www.theweek.co.uk/101201/whatsapp-reveals-attack-by-advanced-cyb...
https://www.businessinsider.fr/us/whatsapp-hack-who-is-nso-group-spy-fir...
https://www.thesun.co.uk/tech/9069460/whatsapp-update-how-cyber-attack-s...
https://www.thesun.co.uk/tech/9069460/whatsapp-update-how-cyber-attack-s...
https://securityaffairs.co/wordpress/76333/malware/nso-pegasus-spyware-r...
https://www.businessinsider.fr/us/pegasus-nso-group-iphone-2016-8
https://www.nsogroup.com/
https://www.kaspersky.it/blog/whatsapp-call-zeroday/17314/
https://www.youtube.com/watch?v=_2be9gcmjjQ
https://www.zambianobserver.com/zambian-mobile-phones-allegedly-targeted...
