Page 145 - Cyber Defense eMagazine January 2023

Employees are increasingly using consumer-grade apps even to communicate with co-workers and
clients, blurring the distinction between "simple to use" and secure solutions for businesses. Since these
apps are "free" and "popular," they are commonly accepted, and the question is asked: "why shouldn't
our business use them too?" - but this is where many organisations go wrong.



Just because an app is ‘encrypted’ doesn’t mean your messages are secure and safe

Then there is the infamous "End-to-End Encryption" myth, which is present in a lot of free consumer
software. These apps are not the best platforms for exchanging sensitive business information or client
conversations because they include so many grey areas and dubious privacy settings.


Let's take a look at WhatsApp as an example. WhatsApp is a messaging app intended for consumers. In
the past, WhatsApp has come under severe fire for failing to safeguard the privacy of its customers' data.
Additionally, the European Court of Justice found that US tech corporations, notably Facebook, do not
offer their European consumers an acceptable level of personal data protection.



Encryption does not secure the communications on either end of the connection in any way. In any event,
having encryption doesn't automatically make something secure. After all, Facebook, a firm for which
security and privacy are, at best, theoretical constructs, owns WhatsApp.


With all of this in mind, it is important to mention that spyware can make its way into a mobile phone
through a security bug in voice calls made through insecure apps such as WhatsApp. WhatsApp and
numerous other consumer messaging systems are also used as a method for gaining access to users'
devices due to the open nature of these systems. Given just a phone number, we can bet with a high level
of confidence that it is linked to a consumer platform like WhatsApp.



Spyware like Pegasus can then be transmitted immediately. This call method is so powerful and
inconspicuous that Pegasus may be installed on the phone simply by sending the user a missed call.
After installation, the software would remove the call log entry so that the user wouldn't be aware of the
missed call. Due to the open nature of these apps, they are very easily used as a distribution route for
hackers.



What does this mean for you then? Really quite a bit. Your organisation still has information you don't
want made public, even if it doesn't deal with highly sensitive material. Additionally, you may come across
circumstances in which your communications have legal bearing, like when you consent to a purchase
over email. That is a further rationale for the development of secure enterprise applications. They serve
to provide assurance and establish clear guidelines to ensure that your data is secure.





            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.