With a known love for the disappearing message app Wickr, Australian politicians are also keen on the Facebook-owned WhatsApp.
At Parliament House in Canberra Monday, Alastair MacGibbon, the prime minister's special adviser on cyber security, confirmed he had used the app to communicate with the prime minister and other colleagues, as did Attorney General George Brandis.
Cyber security experts have raised concernsabout Prime Minister Malcom Turnbull and senior government ministers sending private and confidential information via the messaging service.
WhatsApp and similar messaging apps are great for normal day-to-day communication between friends, but using it to discuss matters of national security is certainly a choice that will raise eyebrows.
As with any technology, particularly those that allow for speedy communication, the benefits have to be weighed carefully against the associated security risks.
Tweet may have been deleted
One of the main points of criticism over the decision to use WhatsApp is that it doesn't feature on the Evaluated Products List-- the list of accepted tools for ministerial communications compiled by the Australian Signals Directorate.
This list features products that are tested and certified for specific purposes against internationally recognised standards. Vendors can apply for this certification for their products and once evaluated it can be used for the specific purpose.
Many different types of products are on this list, including biometrics, data protection, smart cards, mobile products, network devices, operating systems, and so on. Within the mobile products space, the list features Apple's iOS and Blackberry's operating system, both of which are platforms from which text messages can be sent -- but messaging apps such as WhatsApp are not featured.
Tweet may have been deleted
Besides text-based messages, WhatsApp also allows files to be shared and transferred between users. This has implications for government, especially if used by ministers or staff with access to classified information. If such information were disseminated via WhatsApp, this would constitute a serious security breach.
Although WhatsApp now offers end-to-end encryption, meaning in theory that no one can intercept the communication, the sharing of sensitive documents through this service would still be grounds for serious concern. What would happen in a situation in which a device was lost or stolen? Anyone with access to that device can access the shared files, including any media (images, documents, videos) shared via WhatsApp, which are automatically transferred to and stored in a WhatsApp folder on both devices.
Furthermore, it is possible to hack into the WhatsApp folder using tools that copy files from a mobile to a desktop computer, such as Air Transfer(for iOS devices) and WiFi File Transfer(Android). Sharing web links via WhatsApp also potentially leaves users vulnerable to phishingor other attacks via malware or ransomware.
As WhatsApp now also works via the web, it is prone to all of the web's security threats.
Besides malware posing as genuine WhatsApp links, it is also reportedlypossible to crash the app by sending large (over 7 megabytes) messages, or messages containing special characters -- a particular fear given that these messages can be typed and sent very quickly by someone who gains access to a device for a short period.
Privacy concerns are also raised by the existence of products such as WhatSpy, a web application that allows others to monitor a user’s status messages or even alter their security and privacy settings. Another app called mSpymonitors and reports on a mobile user’s activities, such as text messages, WhatsApp messages and phone calls. This app can be installed very quickly and once installed it can report to a designated number or email.
Perhaps worst of all is WhatsApp's vulnerability to MAC spoofingattacks, which involve changing the media access control (MAC) addressthat acts as a unique identifier for every phone. By changing it, the messages can be routed to an unauthorised device.
The truth is that as soon as any sensitive information is placed on the WhatsApp network, it can potentially be shared or forwarded to anyone, meaning that both the sender and the receiver of the information is at greater security risk.
Once confidential information is out in the open network, it is effectively beyond the government's control.
Another concern relates to Freedom of Information. As an encrypted third-party network, it is not clear whether it will be possible to retrieve this information if requested. Recently, US presidential candidate Hillary Clinton has faced severe criticism, media scrutiny and investigation by the FBIfor using private email services rather than official communication channels.
WhatsApp or Instant Messaging via mobile devices represents a new wave of communication adopted by the community at large. But the question of whether high-ranking members of the government should be using secured messaging apps is one that requires further investigation.
WhatsApp and other messaging services are promising, useful, and great fun. But they should not be used in a government setting without prior certification.
TopicsWhatsApp
(责任编辑:休閑)
Pole vaulter claims his penis is not to blame
Snap diversity report debuts new anti
Waymo's AI taxi thwarted by traffic cones, then made everything worse
How to enable 2FA on PlayStation 5 and PlayStation 4
Darth Vader is back. Why do we still care?
If Prince William isn't the sexiest bald, who is? People have ideas.
Google's I/O 2021 developer conference will be virtual and 'free'
The 'rose' is sweeping TikTok, but the viral sex toy is kind of sketchy
What brands need to know about virtual reality
Daniel Kaluuya's Oscars speech thanked his parents for having sex
5 people Tim Cook calls for advice on running the biggest company in the world
'Everspace 2' dazzles. Hearing the history, it's easy to see why.