LONDON, ENGLAND – AUGUST 03: The Whatsapp app logo is displayed on an iPhone on August 3, 2016 in London, England.( Photo by Carl Court/ Getty Images)
With a known love for the disappearing message app Wickr, Australian legislators are also keen on the Facebook-owned WhatsApp.
At Parliament House in Canberra Monday, Alastair MacGibbon, the prime minister's special adviser on cyber security, confirmed he had use the app to communicate with the “ministers ” and other colleagues, as did Attorney General George Brandis.
Cyber security experts have raised concerns about Prime Minister Malcom Turnbull and senior government ministers sending private and confidential information via the messaging service.
WhatsApp and similar messaging apps are great for normal day-to-day communication between friends, but utilizing it to discuss matters of national security is surely a selection that they are able to raise eyebrows.
As with any technology, particularly those that allow for speedy communication, the benefits have to be weighed carefully against the associated security risks.
The PM's cyber security advisor says he communicates with Malcolm Turnbull via WhatsApp #estimates
Bevan Shields (@ BevanShields) October 17, 2016
Not on the list
One of the main points of criticism over the decision to use WhatsApp is that it doesn't feature on the Evaluated Products List the list of accepted tools for ministerial communications compiled by the Australian Signals Directorate.
This list features products the hell is tested and certified for specific purposes against internationally recognised standards. Vendors can apply for this certification for their products and once assessed it can be used for the specific purpose.
Many different types of products are on this list, including biometrics, data protection, smart cards, mobile products, network devices, operating system, and so on. Within the mobile products space, the listing features Apple's iOS and Blackberry's operating system, both of which are platforms from which text messages can be sent but messaging apps such as WhatsApp are not featured.
PM's cyber security expert corroborates WhatsApp is not on the listing of approved platforms by the Australian Signals Directorate #estimates
Bevan Shields (@ BevanShields) October 17, 2016
What's wrong with WhatsApp?
Besides text-based messages, WhatsApp also allows files to be shared and transferred between users. This has implications for government, especially if used by ministers or staff with access to classified information. If such information were disseminated via WhatsApp, this would constitute a serious security breach.
Although WhatsApp now offers end-to-end encryption, meaning in theory that no one can intercept the communication, the sharing of sensitive documents through this service was continuing to grounds for serious concern. What would happen in a situation in which a device was lost or stolen? Anyone with access to that device can access the shared files, including any media( images, documents, videos) shared via WhatsApp, which are automatically transferred to and stored in a WhatsApp folder on both devices.
Furthermore, it is possible to hack into the WhatsApp folder utilizing tools that copy files from a mobile to a desktop computer, such as Air Transfer( for iOS devices) and WiFi File Transfer( Android ). Sharing web connections via WhatsApp also potentially leaves users vulnerable to phishing or other assaults via malware or ransomware.
As WhatsApp now also runs via the web, it is prone to all of the web's security threats.
Besides malware posing as genuine WhatsApp links, it is also reportedly possible to crash the app by sending big( over 7 megabytes) messages, or messages containing special characters a particular fear given that these messages can be typed and sent very quickly by someone who gains access to a device for a short period.
Privacy concerns are also raised by the existence of products such as WhatSpy, a web application that allows others to monitor a users status messages or even alter their security and privacy decideds. Another app called mSpy monitors and reports on a mobile users activities, such as text messages, WhatsApp messages and telephone call. This app can be installed very quickly and once installed it can report to a designated number or email.
Perhaps worst of all is WhatsApp's vulnerability to MAC spoofing assaults, which involve changing the media access control( MAC) address that acts as a unique identifier for every telephone. By changing it, the messages can be routed to an unauthorised device.
Freedom vs responsibility
The truth is that as soon as any sensitive info is placed on the WhatsApp network, it can potentially be shared or forwarded to anyone, means that both the sender and the receiver of the information is at greater security risk.
Once confidential information is out in the open network, it is effectively beyond the government's control.
Another concern relates to Freedom of Information. As an encrypted third-party network, it is not clear whether it will be possible to retrieve the information collected if requested. Recently, US presidential nominee Hillary Clinton has faced severe criticism, media scrutiny and investigation by the FBI for using private email services rather than official communication channels.
WhatsApp or Instant Messaging via mobile devices represents a new wave of communication adopted by the community at large. But the question of whether high-ranking members of the government should be using procured messaging apps is one that requires further investigation.
WhatsApp and other messaging services are promising, useful, and great fun. But they should not be used in a government defining without prior certification.