By Guido Ronchetti, CTO – XTN Cognitive Security
The WhatsApp vulnerability disclosed a few weeks ago, once again showed how mobile apps are used for embedding surveillance tools on to our handsets.
Most of you will have read the details behind WhatsApp’s story and all the speculations regarding the state-driven origin of the attack. So, there’s no need for me to go into any more detail at this time.
What I was surprised by was the reaction of some of the security research community on Twitter. In particular, I was surprised by the common opinion that there is no way of detecting such a device’s infected status on a mass scale.
So here are my thoughts regarding the above perception.
There are two different aspects to be considered. First, there is the attack vector used to get control of the device. Second is the use of surveillance tools that persistently monitor the user’s activities. It would be unrealistic for the first attack vector to be prevented and blocked for obvious reasons (you would not have any security hole in the first instance otherwise); however, detecting the surveillance tool is feasible and should be done.
Any application providing security or privacy impacting services (almost every online service, I would say) should take responsibility to verify the security context where it’s executing. Monitoring the security context means going far beyond the rooting/jailbreak check, which some still consider the only mobile-specific security check needed. What is required involves searching for malware or spyware on the device that could be intercepting the user’s data.
At XTN, we have been developing technology to provide this kind of visibility: using our SEAP technology, any app could detect the presence of malware compromising the security of the context of execution.
