Just like many devices that are connected to the internet nowadays, mobile devices present a high risk of being negatively impacted by cyber threats.
WhatsApp’s communications are protected by end-to-end encryption. Encryption involves the breaking down of data into a random plain structure using certain algorithms rendering it unviewable in its original form, other than to those individuals who have the encryption key. This key is automatically sent to the recipient of the communication on WhatsApp. Simply put, the information in your messages and calls can only be accessed/read by you, the sender, and whomever you send them to - not even WhatsApp can access the information. Based on WhatsApp’s website’s statement, it does seem that your private data contained in your WhatsApp communications is not going to be shared with a third party, nor Facebook.
As an example, the “Agent Smith” android virus infected approximately 25 million android devices in 2019. This virus was disguised in legitimate Google-related applications (mostly in the form of free mobile games). Security researchers also discovered a new Android Trojan with malware droppers and spyware capabilities in 24 Google Play Store apps with more than 472,000 downloads in total.
These types of viruses are where the core part of the malware exploits various known Android vulnerabilities and automatically replaces installed applications on the device with malicious versions without the user’s interaction. Malware such as Agent Smith uses its broad access to the device’s resources to show fraudulent adverts for financial gain.
Malware authors have realized in the past years that Google has a very hard time picking up "droppers" hidden in legitimate apps. For the past few years, increasingly more malware operations have adopted this trick of splitting their code in two —a “dropper” and the legitimate application.
Malicious applications aside, there are links to malicious websites which are sent via phishing SMS’s and WhatsApp. Cyber criminals also use these methods for social engineering to entice you to provide your credentials. This is all with the intention of stealing your data. With this in mind, individuals accessing their corporate data on their device can place their employer at risk as well. Organisations should also adopt stricter Bring Your Own Device policies, combined with the requisite mobile device management software solutions. This will assist in mitigating the risk of corporate data being compromised on their employees’ mobile devices.
Mobile users should invest in a mobile threat defence solution (antivirus for your device), ensure that their device operating systems are up to date, and only utilize applications from official application stores.
Cyber threats are here to stay, they are evolving and becoming more complex every day. These threats are not just a risk to businesses, but to all of us in our everyday life. It is up to everyone to educate themselves about these threats in order to quickly identify them and mitigate the risk as much as possible.