Facebook-WhatsApp deal raises security concerns

The head of the commission, Thilo Weichert — who described WhatsApp as “Datenschleuder, die technisch nicht ausgereift ist” (data catapult which has not matured technically) — said that people should opt out of WhatsApp for more “trusted services” (see “Datenschützer empfehlen Boykott von WhatsApp,” Handelsblatt, 20 February 2014; also see “Übernahme durch Facebook: Datenschützer ruft zu Boykott von WhatsApp auf,” Spiegel, 21 February 2014; and “German privacy regulator: WhatsApp users should switch to a more secure service,” PCWorld, 20 February 2014).

On 8 October 2013, Dutch security researcher Thijs Alkemade posted on his Xnyhps’ Blog that the encryption can be bypassed, making it possible “that anyone who is able to eavesdrop on your WhatsApp connection is capable of decrypting your messages, given enough effort.”

The concerns about WhatsApp security – concerns which are only going to grow with Facebook’s acquisition of the company – have led to an increase in sales of security apps. Nico Sell, co-founder of the security-conscious app Wickr, told AFP that the company has seen “thousands more people than normal” downloading its app since Facebook’s announcement. “I think people will swap quickly out of WhatsApp now that it’s part of Facebook,” she said.

Sell noted that Facebook’s core business is monetizing data, while Wickr’s goal is to protect user anonymity and privacy by relying on top-grade encryption and offering rewards to hackers who discover any security flaws.

“They say they won’t put ads on WhatsApp. But that doesn’t mean they can’t feed the beast with the data they are sitting on,” she said. “There are tons of data that can be analyzed from conversations with your friends and family.”

Serge Malenkovich of Kaspersky Labs said in a blog post that, these security concerns notwithstanding, users should not panic over WhatsApp and Facebook. “There are no new [emphasis in original] reasons to worry about messaging privacy. Honestly speaking, WhatsApp was never meant to be a true confidential messaging tool; there were even multiple breaches in the past, including some attacks, which make eavesdropping possible.”

Malenkovich adds that confidential data should not be sent unencrypted over standard communication channels, be it Facebook, WhatsApp or e-mail. He urges the use of dedicated security tools to protect data from prying eyes.

He does note that the bigger threat consumers face in the aftermath of the Facebook-WhatsApp deal is scammers who send messages urging you to “confirm your WhatsApp account” or “opt out of Facebook ads inside WhatsApp.”

“Those messages will definitely contain a malicious link and clicking on it may infect your device or lead you to a phishing page trying to steal personal data from you,” Malenkovich warns.