contador javascript Saltar al contenido
Contact :

All applications are vulnerable

"You don't have to wonder if they are going to attack us but when," warns a security expert

The attack recorded by WhatsApp

The Facebook messaging platform has again revealed that all applications are vulnerable.

"We don't have to wonder if they are going to attack us but when", says Stella Luna de María, general director of the PentaQuark consultancy. "We have vulnerabilities every day," corroborates José Rosell, partner and director of the S2 security group.

Even the encryption that Mark Zuckerberg's company boasts is not enough. The user is obliged to be active in the protection of their devices.


He has acknowledged having suffered a singular attack. A group of cyber criminals (Facebook points to the Israeli company NSO Group and denies its involvement) It has overcome the security barriers of the application and, through a call that was not even registered, it has been done with the control of a number of mobiles that the American company has not yet been able to specify.

After infecting the recipient's phone with a spy program, the criminals have had access to all the information and functions of the device, including the location of the user or the activation of cameras and microphones.

Oded Vanunu

The chief of vulnerability investigation at Check Point, one of the largest security companies in the world based in Israel, the country designated as the source of the attack, speaks of the sixth generation of these crimes:

?They will be stronger, faster, more sophisticated. They will take advantage of everyone connected, from information clouds, cars or social networks to subtitles, games, drones or seemingly harmless elements such as games or robotic vacuum cleaners. ?

The attack

Suffered by WhatsApp users confirms the fear.

"WhatsApp encryption is safe, but the security barriers to infect the phone have been broken and, once they have installed the program, they can do anything, they have become the user of the device," Rosell warns.

?They have found a place in the video call system. Companies incorporate functionalities to their applications that are not as advanced as the initial ones. They are unproven ?, warns Stella Luna de María, who points out that, having been a selective attack, it is a case of espionage that has also made detection more difficult.

All experts agree that the situation is inevitable. Vanunu compares it with an arms race, in which a new attack system is immediately followed by a defense system.

De María qualifies him as a cat and mouse game, where cybercrime goes "as fast or more than security systems." Rosell warns that the problem is the time that elapses between the action of the cybercriminals and the detection of the attack. In this interval, the vulnerability is total.

What to do

Users have to be active. The director of S2 warns that the updates of the applications must be immediate, "from the zero minute", because many are precisely to correct security breaches and not only to improve functionalities.

In the case of WhatsApp, the company has already distributed the patch to avoid the gap and is activated as soon as the application is updated automatically or manually.

Stella Luna De María urges to keep the phone clean: delete unused applications, check privacy and security settings, disable GPS when not in use, delete cookies, disable permissions, be careful with the wifis to which we connect and change passwords.

They are preventive measures

Faced with an inevitable situation that occurs and has occurred in all applications, even those that, like WhatsApp, have their main claim in security.

"At the beginning of this platform, there were cases of communication interception and identity theft," Rosell recalls. "Attacks are common, but we get more attention when they occur in regular applications that we use every day, ? concludes