By Talya Mizrahi-Yaakov, Marketing Manager
If you’re using WhatsApp or similar apps for work purposes, you might want to reconsider.
Earlier this year, in the Electronic Frontier Foundation’s (EFF) annual report on data collection practices, WhatsApp received the lowest scores on how they handle government requests for data. The report’s criteria for companies include informing users about government requests before the data is handed over; publicly disclosing how long they record information that isn’t accessible to the user; and reporting how often governments seek the removal of user content or accounts.
Whereas Dropbox, Apple and Yahoo were given the highest scores for speaking out about government data requests and giving users tools to fight back, WhatsApp has yet to adopt industry best practices concerning customer data protection, especially in this post-Snowden era.
Even more alarming than the EFF’s report is the number of security threats out there when using WhatsApp:
- People Can Spy on Your Conversations
Despite end-to-end encryption of WhatsApp conversations, people can still listen in on your conversations. There’s a piece of spy software called mSpy, for example, that sends reports on calls, browsing, text messages, WhatsApp conversations, and more, back to the owner of the app. Leave your phone unattended for a few minutes, and said spy just has to get the app on your phone without you even ever knowing about it.
Another way someone can read your WhatsApp messages is through MAC spoofing. What is MAC spoofing? A phone’s MAC address is a unique identifier, and WhatsApp uses this address to route messages. By temporarily assigning your MAC address to their phone, someone else can intercept your WhatsApp messages. Though harder to implement, it’s also harder to detect.
- Privacy Settings Don’t Mean Much
Even if you’ve set your privacy settings to “nobody” (e.g., no one can see your status or “last seen” info), a simple app called WhatsSpy Public can monitor status messages, status changes, and user photos, as well as adjust your security settings. And as of now there isn’t a way to protect against this. You can read more about it here.
- Message Crashing
You can crash someone else’s instance of WhatsApp by sending a message over 7 MB in size, or a message only 2KB in size if it contains a special set of special characters. After receiving the message, WhatsApp will crash every time the user tries to open the thread, and the only way to regain control of the app is to delete the thread. Even if a message is backed up, restoring the conversation doesn’t solve the problem; it’ll still crash the app. This exploit works not just with messages to individuals, but also to groups, in which case every member of the group will experience the crash and need to leave the group and delete the thread. If you depend on WhatsApp for business purposes, then these crash messages pose a serious vulnerability.
- Fake WhatsApp Download Links = Malware
The WhatsApp web interface is super cool, but beware! Unfortunately there are people out there distributing bad download links that look like real WhatsApp clients, but will saddle you with a bunch of malware. These sites collect information from downloaders and distribute malware, including sites that add users to WhatsApp spam lists that either come packaged with trojans or distribute malware designed to collect banking information. So if you’re using the WhatsApp Web Client, just make sure you’re using the official URL without any extensions.
So while WhatsApp is no doubt a great communications tool, and I do use it for personal messages, I wouldn’t use it for work purposes. The next time you send out another WhatsApp message, you should ask yourself if you wouldn’t mind a complete stranger seeing the content of that message. If you DO mind, then maybe it’s time to start using a more secure text messaging application.
To see a functions comparison between TeleMessage and Whatsapp, Click Here.