The facebook-owned messenger known as WhatsApp has been going through many hardships. And it’s only going to get worse. The app has announced to the public a major flaw, allowing cybercriminals to have access to a victim’s device. For these attacks to take place, all the victim has to do is click a disguised link sent through the app. In other words, anybody can fall into this trap.
Apple Is In Trouble
Interesting enough, not all WhatsApp users suffered. In order for the predators to claim their victims, they’d have to be sending their links to the IOS version of the app found in Apple-related products and systems such as MacOs. With Apple products being mostly global, it may no longer be safe for costumers to use the brand without worrying. This is best explained in Facebook’s bug report:
“A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.”
For consumers, the issues vary. Some people don’t use WhatsApp that much, while others do. WhatsApp is the default form of communication between families whose members are all part of the diaspora. And that’s only beacuse, according to my very own experience, all the app needs to work is a mobile phone number. As long as Apple users have WiFi, the cybercriminals will be out there watching, waiting for an Apple user to be caught off guard. At least Samsung and Android users are somewhat safer.
Who’s Really To Blame?
A post Perimeterx gives details of how the flaw was discovered. Gal Weizman explains:
“It is 2020. No product should be allowing a full read from the file system and potentially a [remote code execution] from a single message.”
Yes, Facebook and Apple do have to get their mess together, but I can’t help and wonder if consumers can avoid these attackers through their own means. Usually when Messenger (another Facebook-related app) gets hacked, it happens by attackers who pretend to be a friend and send links with worried-like question such as “oh, my God. Is that you?!” It is suspicious and fishy. Who would open that? Somebody who doesn’t happen to be tech-savvy. These are the people who I imagine get attacked through WhatsApp-based malware.
Bezos Too Was (Cyber)attacked
Even with all the money in the world, nobody would be safe. At least that’s what I got from Jeff Bezos’ case. His iPhone was infected when he got a video message from who he thought was the Saudi Arabian Crown Prince, Mohammed bin Salman. The worst part of the whole ordeal is that, since the legitimate attacker hasn’t been found, UN experts have believed that the Prince was at fault and that he intentionally created a malware to steal Bezos’ private communications. All this happened soon after The National Enquirer made threats to release information belonging to him.
Bezos has also been pushing theories that imply The Crown’s involvement with The National Enquirer’s threats. Whether the attackers are aware of it or not, they have instigated another foreign affair issue regarding both an American CEO and the Saudi Crown. And I believed it worked; as of now, we don’t know who sent the malware to the Amazon Founder.
Which means that as a mini-war takes places, the real culprit is lounging away somewhere in the world. The WhatsApp malware is quite easy at disturbing unexpected Apple users. Truth is that, yes, Jeff Bezos will be fine, and so will Mohammed bin Salman. But it is a fact that the average unaware Joe may not be so lucky.