WhatsUp With WhatsApp
So far it's not enough.
MOUNTAIN VIEW (Rixstep) — There's been quite a stir of late about WhatsApp, used by an estimated 1.5 billion people worldwide. There was talk on the town about it yesterday. 'Do you use WhatsApp?' 'No but we have friends who do - we should warn them about it!'
And so forth.
The BBC kindly had a segment on their early morning Breakfast, with a techie beamed in to calm the unwashed masses down. 'Is there a real danger, what should we do?' asked Louise. 'Just keep your devices up to date', explained the techie. She went on to philosophise about the 'danger', saying that the NSO Group hack was used in 'targeted' attacks, and that most people can therefore feel safe.
That's not good enough. And whilst pressure is brought on various groups, nothing is being said about the people responsible for the systems being hacked: iOS and Android, provided by Apple and Google.
It's not long ago that Apple touted/nagged/boasted about their Rock Solid Foundation™, with considerable justification. Comparing Microsoft Windows to just about anything will make that 'anything' look good, look gleaming. And Google go so far as to prohibit use of Microsoft Windows without special authorisation.
There is just cause in these positions. Unix wasn't designed for 'Orange Book' security, but it's proven adaptable. The Internet basically runs on Unix. All the security you'd want is there.
It's when people start messing about with that Rock Solid Foundation™ that things happen.
Apple's had their share of security scandals, most notably the Opener hole, which meant that anyone with admin privileges could move a specially crafted script into a specific directory which the kernel, pre-login, would pick up and execute as 'SUM root'. This hole was left in place for years, ostensibly because it was used for teacher's aid software.
One may also remember that Apple had all code on the iPhone running as root through the first three iterations, and with the seemingly critical passwords 'alpine' and 'dottie' eminently discoverable.
Google's ideas are hardly an enviable example of security consciousness. Some people may still remember how Google once denounced 'evil', saying they'd never stoop that low, yet time and again they're caught out overstepping the bounds of decency.
The WhatsApp story is very unsettling because few people who are familiar with the Rock Solid Foundation™ used by both Apple and Google know how such an exploit could even be possible, and until the world is given a satisfactory tale of what went wrong and why, then no: it's not going to be enough.
Stockholm/London-based Rixstep are a constellation of programmers and support staff from Radsoft Laboratories who tired of Windows vulnerabilities, Linux driver issues, and cursing x86 hardware all day long. Rixstep have many years of experience behind their efforts, with teaching and consulting credentials from the likes of British Aerospace, General Electric, Lockheed Martin, Lloyds TSB, SAAB Defence Systems, British Broadcasting Corporation, Barclays Bank, IBM, Microsoft, and Sony/Ericsson.
Rixstep and Radsoft products are or have been in use by Sweden's Royal Mail, Sony/Ericsson, the US Department of Defense, the offices of the US Supreme Court, the Government of Western Australia, the German Federal Police, Verizon Wireless, Los Alamos National Laboratory, Microsoft Corporation, the New York Times, Apple Inc, Oxford University, and hundreds of research institutes around the globe.