Saturday, November 15, 2014

I spy, You spy, He spies and WhatsApp makes it optional

It's the big complaint online: "We do not have privacy, we are spied everywere". We're in a tricky territory, where nobody has yet clear limits. Data is now big, big business and people love services that are free, in exchange of their information. They don't know, or don't want to know, that less privacy is less security.

But, sometimes, we recognize the danger and react. This has been the case with WhatsApps’ blue doble check: it was activated last week, to tell the emissary of a message that the recipient has read it. After an avalanche of complaints and reports that some cybercriminals were using it for their misdeeds, yesterday WhatsApp launched a new version, 2.11.444, which allows to disable this option.

Other little spies are cookies. Although by law websites should report their presence, most of as push the "accept cookies" button without knowing what we are doing. Some cookies are able to follow us wherever we go on the Internet and send the information to companies that use it for psychological studies, market or advertise. Perma-cookies are an extreme example: they can not be erased from the computer, even if we try. Verizon uses them and also AT&T, to spy on browsing habits of their mobile customers. The latter company has just announced that will leave perma-cookies... for now.

Anyway, the big expert in cyberspying is, yes, the US government. It is now known that since 2007 US Government has an active surveillance program using small aircrafts with devices installed that simulate to be mobile phone masts. So they can hear the conversations or read messages from any vulnerable mobile within its range. The government says it is only used to prosecute criminals.

Mobile security is another area where we are in its infancy. Participants in Mobile Pwn2Own 2014 event have shown how easy it is to take control of most operating systems for mobile phones. iPhone 5S, Galaxy S5, LG Nexus 5 and Amazon Phone Fire were overthrown mercilessly and the only one that resisted with some dignity was Windows Phone. Incidentally, Apple has minimized importance of the security hole with which we started the week: Masque Attack, which allows to install malicious applications on iOS. 95% of Apple's mobile devices are vulnerable, but the company downplays this because no one has been attacked.

Should we give up and accept that we will never have absolute safety in our communications? Let’s have a good Saturday.


Post a Comment