By Guido Ronchetti, CTO – XTN Cognitive Security
The WhatsApp vulnerability disclosed a few weeks ago once again showed how mobile apps are used as a way to embed surveillance tools onto our handsets.
Most of you will have read the details behind WhatsApp’s story and all the speculation regarding the state-driven origin of the attack, so there’s no need for me to go into any more detail here.
What surprised me was the reaction of part of the security research community on Twitter. In particular, I was surprised by the widely shared opinion that there is no way to detect the infected status of such a device at scale.
So here are my thoughts regarding the above perception.
There are two different aspects to consider. First, there is the attack vector used to gain control of the device. Second, there is the use of surveillance tools which persistently monitor the user’s activities. It would be unrealistic to expect the attack vector to be prevented and blocked, for obvious reasons (otherwise there would have been no security hole in the first place); detecting the surveillance tool, however, is feasible and should be done.
Any application providing security- or privacy-impacting services (almost every online service, I would say) should take responsibility for verifying the security context in which it is executing. Monitoring the security context means going far beyond the rooting/jailbreak check which some still consider the only mobile-specific security check needed. What is required is searching for the presence of malware or spyware on the device which could be intercepting the user’s data.
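To make concrete what "going beyond the rooting/jailbreak check" can look like, here is an added example that is not the author's or XTN's code and says nothing about how SEAP works. It models an app-side security-context assessment that weighs several classes of evidence (root artifacts, hooking libraries mapped into the process, known-bad packages, and accessibility or device-admin rights held by untrusted apps) rather than stopping at a single root check. The `DeviceContext` structure, the indicator sets and the scoring thresholds are all hypothetical and constructed for the example; on a real device the lists would be fed from the platform's package manager, `/proc/self/maps` and the filesystem, and the indicators would come from threat intelligence, not from a hard-coded table.

```python
"""Hypothetical security-context assessment for a mobile app (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

@dataclass
class DeviceContext:
    """Evidence an app can gather about its own execution context (assumed shape)."""
    root_artifacts: List[str] = field(default_factory=list)          # su binaries found on disk
    loaded_libraries: List[str] = field(default_factory=list)        # .so names mapped into our process
    installed_packages: List[str] = field(default_factory=list)      # package identifiers on the device
    accessibility_services: List[str] = field(default_factory=list)  # packages granted accessibility access
    device_admins: List[str] = field(default_factory=list)           # packages holding device-admin rights

# Constructed indicator sets; placeholders, not a vetted threat feed.
ROOT_PATHS = {"/system/xbin/su", "/system/bin/su", "/sbin/su"}
HOOKING_LIBS = {"libfrida-gadget.so", "libsubstrate.so", "libxposed_art.so"}
KNOWN_SPYWARE_PACKAGES = {"com.example.stalkerware"}       # placeholder identifier
TRUSTED_ACCESSIBILITY = {"com.android.talkback"}          # allow-list of legitimate users

# Weight per evidence class; hooking and known spyware count more than a bare su binary.
WEIGHTS = {
    "root_artifact": 2,
    "hooking_library": 4,
    "known_spyware": 5,
    "untrusted_accessibility": 3,
    "admin_plus_accessibility": 3,
}

def assess(ctx: DeviceContext) -> Dict[str, object]:
    """Score the context and return a verdict plus the individual findings."""
    findings: List[Tuple[str, str]] = []

    for path in ctx.root_artifacts:
        if path in ROOT_PATHS:
            findings.append(("root_artifact", path))
    for lib in ctx.loaded_libraries:
        if lib in HOOKING_LIBS:
            findings.append(("hooking_library", lib))
    for pkg in ctx.installed_packages:
        if pkg in KNOWN_SPYWARE_PACKAGES:
            findings.append(("known_spyware", pkg))
    # Accessibility access lets an app read screen content; an unknown holder is suspicious on its own,
    # and combining it with device-admin rights (resisting uninstall) is a stronger signal.
    for pkg in ctx.accessibility_services:
        if pkg not in TRUSTED_ACCESSIBILITY:
            findings.append(("untrusted_accessibility", pkg))
            if pkg in ctx.device_admins:
                findings.append(("admin_plus_accessibility", pkg))

    score = sum(WEIGHTS[kind] for kind, _ in findings)
    if score >= 5:
        verdict = "compromised"
    elif score >= 2:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"score": score, "verdict": verdict, "findings": findings}

def is_rooted(ctx: DeviceContext) -> bool:
    """The traditional single check, kept for comparison with assess()."""
    return any(path in ROOT_PATHS for path in ctx.root_artifacts)

if __name__ == "__main__":
    # Constructed sample: not rooted, but an unknown app holds accessibility and admin rights.
    sample = DeviceContext(
        installed_packages=["com.android.chrome", "com.example.unknownapp"],
        accessibility_services=["com.example.unknownapp"],
        device_admins=["com.example.unknownapp"],
    )
    print("rooted:", is_rooted(sample))      # False: the root check alone sees nothing
    print("assessment:", assess(sample))     # compromised: the context check does
```

The point of the example is the gap between `is_rooted` and `assess`: a device that passes the root check can still carry an app with the rights a surveillance tool needs, and only a check that looks at the wider execution context notices it. Thresholds and weights are arbitrary here and would need tuning against real false-positive rates before being acted on.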
At XTN, we have been developing technology to provide this kind of visibility: using our SEAP technology, any app can detect the presence of malware compromising the security of its execution context.