There was an issue, in the Guardian voiced it less than three hours ago as: ‘WhatsApp ‘hack’ is serious rights violation, say alleged victims‘, yet in all this, in all the banter, in all the accusations, the one side not heard is the one not mentioned in any newspaper, why is that? (the article is at https://www.theguardian.com/technology/2019/nov/01/whatsapp-hack-is-serious-rights-violation-say-alleged-victims)
We all see: “More than a dozen pro-democracy activists, journalists and academics have spoken out after WhatsApp privately warned them they had allegedly been the victims of cyber-attacks designed to secretly infiltrate their mobile phones“, in equal measure we see “malware sold by NSO Group, an Israeli cyber weapons company” yet no one discusses the main frame of the mind. No one discusses the fact that WhatsApp got hacked, the fact that a software solution found the software hackable.
We see Facebook, WhatsApp, Pinter, Twitter and no one makes a larger leap on the How. How are these solutions so hackable? There is one voice in the article giving us “One referred to Facebook as “the world’s greatest privacy violator”” At this point you might think that it is merely a way to look at someone else, but it is not. These software vendors are all about sellable and resalable technologies, so they want to make a deal with large corporations who can mine that data to their hearts content, the problem is how to do it without the overbearing amount of oversight, neither side wants that, it would result in uneasy questions and questions that have answers that a lot of people would not want to work on until forced.
And how do you think that NSO technology, a company etched in cyber intelligence and software solutions to find counterintelligence loops would design a way to get into places like WhatsApp and Facebook?
- There is a need
- There is the opening
- Both one and two represent a massive amount of money.
It is that simple and whilst we all want to shout ‘foul, foul’ are we shouting at the right people?
Are we shouting at WhatsApp and Facebook for allowing these gaps to appear in their software? No we do not and we need to wake up. Did you learn nothing from Cambridge Analityca?
The movements of people is worth a lot of money, whilst we all seem hell bent in locking out governments, we open up to commercial enterprises like there is no tomorrow, like there is no hassle there, but that side is the largest hassle of all, they sell some form of access directly to insurances for ‘advertising’ to healthcare clinics for the same reason and they do not care how that knowledge is used. And there is no reason people forget that a company is often no more than its mission statement: “People use Facebook to stay connected with friends and family, to discover what’s going on in the world, and to share and express what matters to them” The Facebook corporate vision statement in its direct form. There is no mention of data security, there is no need for data arbitration, and none of it is there. The same could be stated about WhatsApp “Our messages and calls are secured with end-to-end encryption, meaning that no third party including WhatsApp can read or listen to them. Behind every product decision is our desire to let people communicate anywhere in the world without barriers” there we see no security affix in regards to from who to who(m). And let’s be direct here the part ‘to let people communicate anywhere in the world without barriers‘ is quite sincere, there is no hiatus on KNOWING who is speaking to who, do they?
That are merely tow basic parts that are ignored and they are open and for sale, places like NSO technology fixed their views on getting to those parts of the equation for their customer. Basically Facebook and WhatsApp let them, that is the part you remain ignorant about and that is why it is happening again and again.
You did not think it was going to be easy did ya!
All these issues would fall away when the stage for secure apps would actually be secure, that is the one part that would stop a lot of this and with smaller apps it will happen, when the app comes to a size of distribution where a few hundred million users will be using it, the need for a secure app will be out in the open, well over a dozen of these apps are out in the open and there is not solution, not until that changes and if it were up to the politicians it will never change, because they need that data too.
So if you want a secure App, you will just have to stop using the one you have until they make a secure edition of the App, now there are a whole range of ideas on how that will be, for example that App will not be free, or in case of Facebook where data is their brainchild, they will figure something out, but until they do none of your data is allowed to be secure.
Doubt my words?
Consider that three programmers were at the foundation of NSO Technology Niv Carmi, Omri Lavie, and Shalev Hulio figured out what internal programmers clearly knew but did not stop to realise and these three founded software to combat terror and crime, Three programmers could see what the 150+ programmers could clearly see in the halls of Facebook and WhatsApp and now we see “the lawsuit described the alleged attacks as an “unmistakeable pattern of abuse” that violated US law” instead of the question: “How was this possible in the first place?”
The need to be able to answer that question will reside far and wide in the scope of software developers, it will reside far and wide in the heads of those using these solutions, but not as much in the heads of the developers or the politicians, they know what was there, they knew what was for sale. And in all this the brief reads “More than a dozen pro-democracy activists, journalists and academics have spoken out after WhatsApp privately warned them they had allegedly been the victims of cyber-attacks designed to secretly infiltrate their mobile phones” and no one wonders why there are no politicians on that list? Or perhaps they are the ‘academics’ in all this.
In all this and no one is asking the question ‘Why was the weakness there to begin with?‘ and in all this the entire how come that the pattern of abuse is the one violating US Law and the weakness in the software is not?
Consider that for a moment! #JustSaying