By: Joseph Reis – X Tech News
Main risks in the use of WhatsApp
According to the CCN-CERT, the sharing of personal information and the low perception of risk has made WhatsApp an attractive environment for cyber attackers
The National Cryptological Center published its report on the main risks in the use of WhatsApp, where it tries to focus our attention on the risk situation that the sharing of personal information that users of this service can make daily. This sharing of sensitive personal information together with our low perception of danger when we use mobile devices is, in the opinion of CCN-CERT, dependent on the National Intelligence Center, which has made WhatsApp an attractive environment for intruders and cyber attackers. Therefore, through its report, we offer a series of recommendations so that the information on our mobile phones is safe from possible attackers or harmful programs.
Within its system for characterizing cybersecurity threats, the CCN-CERT describes this possible use by WhatsApp cybercriminals as Very High level. That is to say, it qualifies as a threat whose probability of affecting and damaging the information systems is high, and which requires taking additional precautions. It is not necessary to present WhatsApp, an application that since 2009 has become ubiquitous in all our mobile devices. This application, purchased by Facebook at the beginning of 2014, now exceeds one billion users worldwide and, according to data from the CIS of the first quarter of 2016 is used by more than 60% of Europeans.
Despite being in principle a messaging application, it behaves very much like a social network because it directly incorporates the contacts we have defined in our mobile device, which makes its expansion very fast. This expansion and general use is what according to the CCN-CERT would place WhatsApp in the crosshairs of cybercriminals. WhatsApp thus becomes a possible source for obtaining data and information from users.
Activate the option “Show security notifications”
Open WhatsApp and press on Settings. Touch Account and select Security. On the security screen is where we can activate security notifications.
Unsure of conversations
Another of the failures detected by the CCN-CERT experts is that in recent versions of WhatsApp the deletion of conversations stored on the phone is not secure.
This situation makes it advisable that in case of replacement of a phone or other mobile device, before removing the old equipment, proceed to uninstall the WhatsApp application, as well as the possible backup copies that may have been generated.
Dissemination of sensitive information during the initial connection
During the establishment of connection with the servers of the application, WhatsApp exchanges in a non-encrypted way information about the technical characteristics of the telephone and the telephone number. Given that this information can be uncovered for a possible attacker, the recommendation of the CCN is not to use public Wi-Fi networks or of dubious origin to connect to WhatsApp, and if necessary to do so understand that the solution to the problem of dissemination of information by this reason would be the use of a VPN connection.
A VPN is an Internet connection system where a private network is created. All the traffic that is produced from the mobile phone to the VPN server will be encrypted, therefore, even if we are using a public network, anyone who can intercept this traffic could not read it.
Dangers of downloading in unofficial sites
Any successful application immediately attracts cybercriminals, since it is relatively easy to use them as a hook to capture users. It is normal to see applications proliferate with an image similar to the original, or others promising improvements or new functions. It is also common to find applications that promise the possibility of spying on other users. All these applications are scams and many of them carry malicious code that seeks to steal information or point the user to services and thus obtain an economic benefit.
The basic recommendations to avoid the dangers associated with false applications are simple:
- Never download applications on unofficial sites.
- Do not install unnecessary applications simply because they are free.
- Do not install any application on our mobile device without having contrasted the manufacturer and carefully read the permissions you intend to acquire on our mobile device.
- Increase our vigilant attitude as much as possible if our device is Android.
Exchange of personal data with Facebook
This exchange of data between WhatsApp and Facebook, which currently does not include messages, photos or profile information may pose a risk to privacy.
Final recommendations of the report
The report ends with a series of recommendations. We invite you, for the safety of your mobile devices, to adopt them:
Keep the phone locked with a password and, if possible, eliminate the previews of the messages and maximize the measures when the phone is not available, since with a simple phone call the security of any session or application could be compromised. be using.
Be very careful with the access and permission requests of the applications that we install on our phone, especially when it comes to Android devices. Do not install unnecessary applications simply because they are free.
Do not try to remove the operating system manufacturer’s restrictions from accessing the phone in administrator mode, which is known as ” jailbreaking ” in Apple or ” rooting “”On Android. Although it may seem useful to access certain applications or services, the security risk is too high and the computer’s exposure to threats much higher.
Turn off Wi-Fi and Bluetooth if it is not going to be used, not only reduce battery consumption considerably, but also close doors to possible attacks.