On May15, a text message came through on a Whatsapp Group.
“Dear family, there is a security breach in WhatsApp and now it is susceptible to hacking. Please update your WhatsApp to avoid being hacked,” the text read. However, no questions were asked on what the breach was or meant by the group members. As an inquisitive one, I later learnt WhatsApp, a social media platform with 1.5b users, under the ownership of Facebook, confirmed that hackers remotely installed surveillance software on phones and other devices using a loophole in the app.
In a report by BBC News, the spy software was developed by Israeli firm NSO Group, and Facebook only discovered it early May. “Attackers used WhatsApp’s voice call function to ring a target’s device. Even if the call was not picked up, the surveillance software could still be installed because of that vulnerable voice over internet protocol not being secure enough. The call then may have disappeared from the device’s call log because hackers had control of the app,” the BBC report read. The report also showed that Facebook said the attack targeted selected users.
However, for a user, such a development always leaves questions such as how secure are the applications or even social media platform we are always downloading?
Digital communications consultant Mr John Babirukamu says majority of social media apps are consistently testing themselves.
“They have a bunch of white hat hackers who hack to find vulnerabilities in a system such that the owner can then close them and not have them exposed for the customer. Social media platforms actually spend money on trying to prevent these hacks,” he says.
For safety, there are specific Apps that have been built to prevent third parties from tapping into conversations including WhatsApp and Telegram which have been encrypted, end to end.
“Encryption is to prevent a third party like government or a data provider from listening in on your conversation such that it is locked when you are sending the message and only opens when you receive it. This encryption is high end. But platforms such as Facebook which have been caught selling people’s data are not that encrypted so it is a vulnerability,” Mr Babirukamu says.
On the other hand, any system built with the purpose of having input from users, loopholes cannot be completely ruled out. According to BBC News, messages can be read before they are encrypted or after they are decrypted. This implies any spy software put on the phone by an attacker could read the messages.
Mr Babirukamu is not too worried about the WhatsApp hack because in his view, Uganda is still an economy too insignificant for major hackers to attack. Yet, he advises that when App developers or owners make such major announcements, tips on securing oneself are adhered to.
Use your phone number
“Ensure you update your App,” he advises individuals and businesses. Also there is something we call two-way authentication. When you are logging in, you must receive an SMS code. If you registered with a number, someone else cannot log in without having your phone so people who do not put it for their Facebook, Instagram, LinkedIn or Twitter accounts face hacks because one can do brute-force to get your password and next is hacking the account.”
Another risk social media users face comes from third party applications. If you have linked your social media to apps like Hootsuite, a social media management platform or Socialbakers, a social media marketing company which, for instance, help us schedule posts, you face risks.
Mr Babirukamu also warns against using weak passwords such as ‘Kampala’. It should be complicated with a few numbers and characters.
But besides the applications, the type of device used to access social media sites has to be put into consideration too.
“If you are using a computer in an internet café, it makes you more vulnerable so you are safer using your mobile phone. But also many people do not have passwords on their phones which is wrong. If you do not have a password, even with the two-step authentication, you are open to hacks so that should be the number one point of safety,” Mr Babirukamu says.