Category - Security

IT Security, mobile, computer, internet,

Quick easy routine that can prevent phone exploit

We all hear and read often on how phones get compromised and how hard it is to secure phones on which people have the most valuable and personal information.

They’re different way one can try to keep phones secure. Avoid shady websites, do not open or accept files from people you do not know or trust or you do not know what they are sending.

Do not install random useless apps which might be malware, apps with bad reviews or almost no downloads or installs, as apps can get thru App Store reviews and download additional software as update containing trojan and or malware.

Some people might even try some sort of virus/malware scanner, in our opinion most are not very useful or effective.

Something much easier, useful one can do is, Turn your phone OFF and ON every few days ! There are many malware that reside in the memory, and as many people have the habit to almost never restart there phones, phones in some cases go years without turning off, with a malware infection that resides in the memory of the phone it can keep doing damage for a long time, exposing your personal information, spying, and financial damage.

In 2021 the NSA advised to turn off and on your phone weekly as a security measure, and in 7 sept 2023 the Belgium police started to advise people to restart their phone at least 1x daily! Early 2023 the Australian prime minister advised the same.

There many different malware, trojans, that can nestle and stay on your phone after restart, so it is not a bulletproof solution, but it can help for certain exploits, its easy, and doesn’t take much time to do.

Why Whatsapp is a security risk

Yes Whatsapp has end2end encryption for messages, but whatsapp was never build as an secure communication app. 

Many top 10 secure encrypted messaging lists feature whatsapp on it, deceiving people to belief using whatsapp is one of the bets and secure options these days. Nothing can be farther from the truth.

Because whatsapp never was build as an secure or security app, its vulnerability is not in its messages but in the app itself.

To give a few examples to prove the point, in 2019 may, a vulnerability in the messaging app WhatsApp has allowed attackers to inject commercial Israeli spyware on to phones, the company and a spyware technology dealer said. All that was needed was a whatsapp call to infect you, you did not even have to pickup. This means a successful hacker can hijack the application to run malicious code that pores over encrypted chats, eavesdrops on calls, turns on the microphone and camera, accesses photos, contacts, and other information on a handheld, and potentially further compromises the device. Call logs can be altered, too, to hide the method of infection.

In 2019 October, critical vulnerability was discovered that allows hackers to gain access to your chat logs and personal information by sending you a poisoned GIF. So sending a GIF could hack your whatsapp and expose your privacy.

In 2022 September, WhatsApp is going public with a major security vulnerability fix that enabled attackers to plant malware while making video calls. The development was dubbed critical in terms of security and was drastically affecting the app that was carrying out the tasks on a remote basis through victims’ smart devices. 

These are merely some examples, how your phone, your privacy, your security is vulnerable by whatsapp, using video, a gif file, a whatsapp call.

It is a shame whatsapp is promoted as an secure communication app while the opposite is true.
Any one from journalists, activists, human rights defenders, to the average readers who just wants to protect his privacy which is an human right, should consider alternatives that can keep you and your information safe, not only from state actors, but also from hackers and even organized crime.