Data security

WhatsApp and the Dangers of Insecure Messaging

Insecure messaging apps like WhatsApp are still being used by corporate board members across the world, despite the well-known dangers of leaks. Australians should know better given the record of WhatsApp breaches in the country, but apparently a majority of board members are still using insecure messaging. Boards should choose a Modern Governance technology for messaging that has the highest grade of security.

No less a corporate board member than Amazon CEO and Chairman Jeff Bezos recently provided a good example. It was recently revealed that the head of the company – now valued at $797 billion and the most valuable US stock –had his phone hacked through WhatsApp in May 2018. And the hack involved the phone used by none other than Saudi Arabian crown prince Mohammed bin Salman.

Bezos met with the Saudi crown prince at a dinner in Hollywood while the latter was on a goodwill tour involving a number of well-known and influential Americans.  Later that month, a message including a video was sent from the prince’s phone, and this message included a hacking tool that extracted personal information from Bezos’ mobile. The led to embarrassing personal revelations in the tabloid press.

On January 22, 2020, experts at the United Nations released a report revealing that the Pegasus mobile hacking tool created by the Israeli spyware manufacturer NSO Group was probably used to hack Bezos’ phone. The NSO software spyware has been involved in a number of high-profile hacks around the world.

WhatsApp and other apps remain vulnerable to hackers

Australians will recall the WhatsApp leak that revealed how Julie Bishop’s bid for leadership of the Liberal Party was scuppered by a conspiracy formed among her fellow party members. WhatsApp messages leaked to the ABC’s Insiders program show Liberal MPs who supported her bid orchestrated a tactical vote against her in an effort to keep Peter Dutton from power.

Yet 22 million Australians still use the app, and, among them, a large number of businesses.  Corporate board members just find it easier to exchange ideas via WhatsApp regardless of wh0 may be listening – just ask Jeff Bezos.

But one might also recall the report in May of a zero-day vulnerability that an “advanced cyber actor” had been exploiting to spy on a select group of WhatsApp users. Or yet another flaw discovered in October 2018 by Google that could have been used to compromise a user’s Android or iPhone device simply by getting them to answer a call.

Insecure messaging apps

All of the messaging apps in general use have advantages in terms of ease of use and large-scale adoption – that is why they have become so popular.

And many of the best-known messaging apps use end-to-end encryption – the most secure way of protecting data – to try to keep user data secure.

But, as you can see from the Jeff Bezos example, there are ways of getting around encryption. In the case of Bezos, the hacker got access to de-encrypted messaging and then extracted it.

There are other vulnerabilities: For example, what if your device or the device of the person you’re chatting with gets hacked or falls into the wrong hands? Even if yours remains secure, your messaging is vulnerable. It is now possible to delete messages received by all users on some platforms, but that would not help if the message has already been leaked.

IT consultant Ben Dickson warns of another vulnerability: “Every message comes with an amount of auxiliary information, also known as metadata, such as sender and receiver IDs, the time a message was sent, received and read, IP addresses, phone numbers, device IDs, etc. Messaging servers store and process that kind of information to make sure messages are delivered to the right recipients and on time. While metadata doesn’t contain message text, in the wrong hands, it can be very harmful and reveal a lot about users’ communication patterns such as their geographical location, the times they use their apps, the people they communicate with, etc.”

Board members know that the information they exchange with other directors, with management, or with advisors is sensitive and must not be leaked. It should be clear that Modern Governance alternatives, technology designed to enable boards to communicate rapidly and securely, offers viable alternatives.

Protecting your personal and company data

Boards should secure their board business with board management software by Diligent Corporation.

This development should motivate board directors to create policies about how employees should safely use equipment. It’s also important that this type of information be communicated through companies and become part of the overall culture around cybersecurity.

Board Portal Buyer’s Guide

With the right Board Portal software, a board can improve corporate governance and efficiency while collaborating in a secure environment. With lots of board portal vendors to choose from, the whitepaper contains the most important questions to ask during your search, divided into five essential categories.

Featured Blog