WhatsApp—a great idea for mates but a terrible one for ministers

October 13, 2016 by Vidyasagar Potdar, The Conversation
It’s all fun until someone gets hacked. Credit: mirtmirt/Shutterstock.com

Cyber security experts have raised concerns about Prime Minister Malcom Turnbull and senior government ministers sending private and confidential information via the messaging service WhatsApp.

WhatsApp and similar messaging apps are great for normal day-to-day communication between friends, but using it to discuss matters of national security is certainly a choice that will raise eyebrows.

As with any technology, particularly those that allow for speedy communication, the benefits have to be weighed carefully against the associated security risks.

Not on the list

One of the main points of criticism over the decision to use WhatsApp is that it doesn't feature on the Evaluated Products List – the list of accepted tools for ministerial communications compiled by the Australian Signals Directorate.

This list features products that are tested and certified for specific purposes against internationally recognised standards. Vendors can apply for this certification for their products and once evaluated it can be used for the specific purpose.

Many different types of products are on this list, including biometrics, data protection, smart cards, mobile products, network devices, operating systems, and so on. Within the mobile products space, the list features Apple's iOS and Blackberry's operating system, both of which are platforms from which text messages can be sent – but messaging apps such as WhatsApp are not featured.

What's wrong with WhatsApp?

Besides text-based messages, WhatsApp also allows files to be shared and transferred between users. This has implications for government, especially if used by ministers or staff with access to classified information. If such information were disseminated via WhatsApp, this would constitute a serious security breach.

Although WhatsApp now offers end-to-end encryption, meaning in theory that no one can intercept the communication, the sharing of sensitive documents through this service would still be grounds for serious concern. What would happen in a situation in which a device was lost or stolen? Anyone with access to that device can access the shared files, including any media (images, documents, videos) shared via WhatsApp, which are automatically transferred to and stored in a WhatsApp folder on both devices.

Furthermore, it is possible to hack into the WhatsApp folder via tools such as WiFi File Transfer, which is used to copy files from a mobile to a desktop computer. Sharing web links via WhatsApp also potentially leaves users vulnerable to phishing or other attacks via malware or ransomware.

As WhatsApp now also works via the web, it is prone to all of the web's security threats.

Besides malware posing as genuine WhatsApp links, it is also reportedly possible to crash the app by sending large (over 7 megabytes) messages, or messages containing special characters – a particular fear given that these messages can be typed and sent very quickly by someone who gains access to a device for a short period.

Privacy concerns are also raised by the existence of apps such as WhatSpy, which allows others to monitor a user's messages and photos or even alter their security and privacy settings. Another app called mSpy monitors and reports on a mobile user's activities, such as text messages, WhatsApp messages and phone calls. This app can be installed very quickly and once installed it can report to a designated number or email.

Perhaps worst of all is WhatsApp's vulnerability to MAC spoofing attacks, which involve changing the media access control (MAC) address that acts as a unique identifier for every phone. By changing it, the messages can be routed to an unauthorised device.

Freedom vs responsibility

The truth is that as soon as any sensitive information is placed on the WhatsApp network, it can potentially be shared or forwarded to anyone, meaning that both the sender and the receiver of the information is at greater security risk.

Once is out in the open network, it is effectively beyond the government's control.

Another concern relates to Freedom of Information. As an encrypted third-party network, it is not clear whether it will be possible to retrieve this information if requested. Recently, US presidential candidate Hillary Clinton has faced severe criticism, media scrutiny and investigation by the FBI for using private email services rather than official communication channels.

WhatsApp or Instant Messaging via mobile devices represents a new wave of communication adopted by the community at large. But the question of whether high-ranking members of the government should be using secured messaging apps is one that requires further investigation.

WhatsApp and other messaging services are promising, useful, and great fun. But they should not be used in a government setting without prior certification.

Explore further: Spanish agency to probe Facebook/WhatsApp data swap deal

Related Stories

WhatsApp adds messaging from Web

January 21, 2015

The popular mobile messaging application WhatsApp, acquired by Facebook last year for nearly $22 billion, unveiled a new service Wednesday for sending messages from a Web browser.

WhatsApp is going to share your phone number with Facebook

August 25, 2016

Global messaging service WhatsApp says it will start sharing the phone numbers of its users with Facebook, its parent company. That means WhatsApp users could soon start seeing more targeted ads and Facebook friend suggestions ...

Facebook launches 'lite' version of Messenger overseas

October 3, 2016

Facebook is launching a "lite" version of it Messenger chat app. It is aimed at emerging markets, where many people use older phones that don't have enough room to store or ability to run the full-featured application due ...

WhatsApp service stumbles briefly

January 26, 2016

Facebook-owned smartphone messaging service WhatsApp temporarily crashed in an array of countries from the US to India, potentially affecting hundreds of millions of users.

Recommended for you

EPA adviser is promoting harmful ideas, scientists say

March 22, 2019

The Trump administration's reliance on industry-funded environmental specialists is again coming under fire, this time by researchers who say that Louis Anthony "Tony" Cox Jr., who leads a key Environmental Protection Agency ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.