WhatsApp Rushes to Fix Security Flaw Exposed in Hacking of Lawyer’s Phone

May 13, 2019 · 40 comments
Will (Washington)
Jared Kushner uses WhatsApp to communicate with foreign contacts as part of official government business. At this point, I just assume our government is completely compromised by aggressive foreign powers.
PAN (NC)
"An Israeli firm accused of supplying tools for spying on human-rights activists and journalists" for profit. That says it all. When will America realize that Israel is not our friend and certainly not our ally? They continue to spy on America, interfere in our elections, going to such an extreme as to snub our president, Obama, to give a partisan pro-Republican speech in our Congress simultaneously inciting us into a war with Iran where American soldiers will die - certainly no Israeli soldiers will die in the conflict. And what do we get in return for giving the billions in taxpayer money and armaments? NOTHING - just more spying on us to manipulate us even more. Just like Huawei is a Chinese business, so is NSO an Israeli government entity. Indeed, NSO should be considered a terrorist organization helping terrorist governments and organizations against our first amendment heroes and human rights defenders - something Israel believes they are entitled to violate outside their proper borders. Why would Israel assist MBS of Saudi Arabia to slaughter an American based journalist? Help a human rights abusing corrupt government in Mexico?
T (USA)
The best way to mitigate the risk of data breaches in this case is to stop using WhatsApp! It's owned by Zuck now, therefore cannot be trusted. CancelFacebook!
va (somewhere in cyberspace)
Anybody who knows anything about security doesn't use WhatsApp at all. They can put fixes in till the cows come home and it would still not be secure.
VBR (.)
"WhatsApp encourages people to upgrade to the latest version of our app, ..." If you need instructions, do a web search for "How to update WhatsApp". There is a WhatsApp web page with that title under "FAQ: General".
Tom Mcinerney (L.I.)
'Tech' writers routinely counsel users that Apple phones are more secure than Android, and that applications should always be purchased from the Apple store rather than independent sources. Yesterday the courts decided to allow antitrust suits against Apple, based on excess profits. Consumers who want security/privacy should buy Apple, and hold them accountable for leaks/hacks.
VBR (.)
"... applications should always be purchased from the Apple store rather than independent sources." The security vulnerability being reported here is a WhatsApp problem, so the vulnerability would be present in the WhatsApp app downloaded from the Apple store. Read the article again: "WhatsApp engineers worked around the clock to patch the vulnerability and released a patch on Monday." And new WhatsApp users should follow the platform-specific download links at the WhatsApp web site: https://www.whatsapp.com/download/
John F. Ames (Shoreline, Washington State)
Anybody read their terms and agreements before clicking the "I ACCEPT" button? Facebook?, Whats App?, Instagram? We are all complicit in handing over our personal information voluntarily regardless of what NSO does. They sell tools to exploit individuals and we as a mass gave them permission to...
Msd (Taipei, Taiwan)
With code signing, sandboxing, entitlements, and all the controls in place, how did iOS allow this to happen? It can't possibly be solely a "WhatsApp" problem. Apple should explain ASAP.
VBR (.)
"Apple should explain ASAP." The security vulnerability being reported here is a WhatsApp problem: "WhatsApp engineers worked around the clock to patch the vulnerability and released a patch on Monday."
Msd (Taipei, Taiwan)
@VBR You are missing the point. How can it only be a security vulnerability in WhatsApp?
Garak (Tampa, FL)
The Israeli government could stop this if it wanted. If Israel truly was our ally, it would shut down all sales by NSO that could be used against Americans and our allies, such as human rights groups.
Gene W. (Richland)
@Garak I understand, but I also assume that NSO sells lots of its services right here in the USA. We do have our own spying agencies, let alone countless corporations or individuals who would dearly love to secretly steal info, for one reason or another. That's just my assumption.
Gui (New Orleans)
For anyone, anywhere, who purchases apps thinking they are secure from the type of infiltration cited in this article, there is also a bridge in Brooklyn waiting for their purchase . . .
W (Minneapolis, MN)
The latest 'war on democracy' via cyber attack seems to be targeting our legal system. We have already seen the manipulation of public opinion and the election of judges using the methods of Cambridge Analytica and Russian election hacking. Next we can expect to see the pilfering of privileged attorney-client information, the intimidation of lawyers and judges and the manipulation of legal (case law) databases. The Courts seem to be the only branch of the Federal Government that's effective anymore. Soon that, too, will be a memory.
BR (CA)
Which court are you thinking of? The court lost its legitimacy after Bush-Gore. And killed its legitimacy with Heller and buried it with Citizens. The upcoming Gerrymandering and Census cases will be the final service and memorial for our once functioning system. Sad times....
ANon (Florida)
“WhatsApp engineers worked around the clock to patch the vulnerability and released a patch on Monday. They encouraged customers to update their apps as quickly as possible.” The latest WhatsApp update in my Apple Store is dated May 5. Where is the security update supposedly released two days ago?
VBR (.)
"Where is the security update supposedly released two days ago?" Try a *manual* update. They are easy to do, but, if you need instructions, do a web search for "How to update WhatsApp". There is a WhatsApp web page with that title under "FAQ: General".
ANon (Florida)
@VBR Done. Thank you!
South (NC)
Switch to Signal if you want security and also use Foxfire or Duck Duck Go. WhatsApp is fine but Signal is about as secure as you can get and they don't misuse your information like Facebook which owns it. And by the way, stop using Facebook. You'll survive.
American Abroad (Toronto)
@South: Agree that Signal has a great reputation for encrypting smartphone communications, but from what I read, it's no silver bullet. The evil genius behind NSO's spyware -- and presumably others like it -- is that it intercepts your activity before Signal encrypts it for transmission. Signal is a heavily armored Brinks truck; NSO is a gunman sticking up the guard in the bank lobby.
South (NC)
@American Abroad Signal uses end-to-end encryption. All secure Signal messages are encrypted on your phone before being sent, and can only be decrypted by the intended recipient(s). This removes the need to trust any third party to keep your data safe, and no third party can access the messages in transit. No evidence Signal has ever been breached by anyone that I'm aware of.
friend for life (USA)
All of this "security" tech, (or similarly, arms, security and weapons systems), eventually either moves beyond the intended application or user base - it's inevitable. Consider all the security trade export restrictions dropped by the USA to help the People's Republic of China during the preparations for the Olympics held there in 2008 - those private companies often staffed by former intelligence officers, made available advanced facial recognition, and other dual-use computer systems, that now have found their way into the hands of Ecuadorian intelligence services for targeting enemies of people in the government that they have political alliances with.
friend for life (USA)
...and please pardon my failure to have mentioned applications of this same over-the-counter exchange of "security" technology that is and has been used to incarcerate and oppress countless non-Han ethnic groups in China, including Tibetans but most urgently also the millions of once independent Uighurs in what is now N.W. corner of the People's Republic of China.
Paul (Albany, NY)
The tech world is like the wild-wild-west. Anything goes, and very few actors are held accountable. The media should be focused on this with laser precision, but we continue to get thrown distractions with nonsensical news to fuel the culture wars.
Michael Z (Manhattan)
Our privacy, personal and private communications with family, friends, business associates & co-workers went down the tubes when FACEBOOK abandoned its original goal for people to connect with another when the company got greedy for more & more profits. Safeguards & oversight to prevent abuse were put on the back burner. So, now we have this sad episode of spying to be very concerned about as we struggle along in our nation with a battle between Congress and the Executive Branch pertaining to the Mueller Report and the Russian interference in our nation's National Elections. What's next? I'll wait and see for it when it's reported in THE NEW YORK TIMES.
Charles M (Saint John, NB, Canada)
Surprised? A Syrian refugee I tried to help had WhatsApp installed on his phone and I wanted to communicate readily with him. So he wanted me to use WhatsApp. I downloaded it and was going through the install process where the procedure was for me to agree to their privacy terms. I read just part of what they had to say and it appalled me. They wanted full access to all my contact information. Why?? What is the justification for that in terms of MY interests? So I then deleted the WhatsApp I had downloaded and never agreed to the terms. Next day I start getting all kinds of friend suggestions in my Facebook account for all kinds of characters where everything on their account was in Arabic, which I don't speak or read. I was pretty disturbed. The only way I can see that suddenly happening is that Facebook had gotten these folks from their connection to members of the Syrian refugee family I was trying to help. I showed a member of the family some of the Facebook suggestions and indeed there was a connection. It wasn't too much longer after that before I deleted my Facebook account, never again to touch any software owned by Zuckerberg who of course owns both WhatsApp and Facebook.
John Jones (Cherry Hill NJ)
ISRAEL CAN ILL AFFORD Encoded messages that could permit terrorists to operate undetected and carry off massacres. No nation could afford such terrorist threats. If the designer and marketer did due diligence and worked in conjunction with governments, then there must have been some system of checks and balances. It's necessary to study all the facts and to avoid a rush to judgment.
Michael Browder (Chamonix, France)
@John Jones No, it's still not right. The end does not justify the means. And this goes way beyond its borders. Did you even read the article, about the kind of people targeted?
friend for life (USA)
@John Jones - bottom line is everyone in the modern digital age figuratively speaking, lives in glass houses - best to make nice with everyone since you never know.
Ph (Sfo)
@friend for life “Making nice” is NOT the lesson here. Being aware of hacking, stealing your data and that of your communicants IS the lesson. Although it will be painful for the 3+ billion Facebook and WhatsApp users, their communications over digital devices would be more secure if they deleted these Apps. I’m not oblivious to the data theft from other applications and browsers. Again the lesson is Be. Aware.
Stan Nadel (Salzburg)
Why does everyone keep calling this an "Israeli company" when it is no longer owned by Israelis, but is owned by American and/or British companies? The fact that it has operations in Israel doesn't make it any more Israeli than would the fact that German and Japanese auto firms have operations in the US make them "US companies." The owners of a company are responsible for the company's policies and operations, not the country where its employees are located.
rodo (santa fe nm)
@Stan Nadel In answer to whether NSO is an Israeli co. or not, here is the wiki description of NSO Group. https://en.wikipedia.org/wiki/NSO_Group
Ngie (Seattle, WA)
@rodo 70% financial ownership is American-based, per Wikipedia.
VBR (.)
"The fact that it has operations in Israel doesn't make it any more Israeli ..." The company's headquarters are in Israel. And "... Israel’s Ministry of Defense, [] needs to authorize any contract that NSO wins from a foreign government ..." See: A New Age of Warfare: How Internet Mercenaries Do Battle for Authoritarian Governments By Mark Mazzetti, Adam Goldman, Ronen Bergman and Nicole Perlroth March 21, 2019 New York Times
R (New Jersey)
First FaceTime. Now WhatsApp! We have reason to be paranoid that our devices are listening to us.
Robert Richardson (Halifax)
Let’s not wait for ISO to investigate ISO.
Anindya Das (Bangalore)
WhatsApp is one of the poorest security enabled social messengers. Its encryption technology has already been shared with many countries' agencies and furthermore with private bodies as well. The hackers are operating from the main computer server itself, once the mobile SIM is registered in any particular server, all the messages, website browsing history, SMS, call details, call records, phone memory hacking everything is possible. Also in a country like India, any SIM getting connected to the internet, its IP, from ISP is available to the hackers. In a nutshell, it is zero security, situation is that vulnerable. Only remedy may be any personal level encryption between two persons by using some software and personal key. Thanks.
South (NC)
@Anindya Das Signal is safe and uses end to end encryption and other safeguards that have not ever been breached. Not true with WhatsApp and Telegram. The CIA/WikiLeaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption. The story isn’t about Signal or WhatsApp, but to the extent that it is, we see it as confirmation that what we’re doing is working. Ubiquitous e2e [end to end] encryption is pushing intelligence agencies from undetectable mass surveillance to expensive, high-risk, targeted attacks.
Robert Richardson (Halifax)
Let’s not wait for NSO Group to start an investigation of NSO Group.