As technology continues to advance more and more of its usage continue to slip into our daily lives. Of course, which is to be expected as tech has become the cornerstone of modern society. The motivation behind the rapid adoption of tech is no doubt to make the lives of humans as simple as possible. This is a strategy that has propelled the market into mainstream adoption.
Although simpler is always better, we should not ever accept new concepts without questioning it first, especially when highly sensitive information is involved. I’m not saying don’t embrace tech, what I am saying is, don’t adopt it blindly without crossing all your T’s and dotting your I's. Logically, you won’t just blindly give away your bank pin or even log in to your bank account via Facebook, would you?
So why would you let a social platform like WhatsApp access your highly sensitive banking information?
Vulnerabilities Found in WhatsApp
Check Point Software, a leading cyber threat intelligence company, released a research publication in August 2018 detailing their findings of security bridges on the WhatsApp messaging application. The Publication entitled “FakesApp: A Vulnerability in WhatsApp” was produced by research team Dikla Barda, Roman Zaikin and Oded Vanunu.
WhatsApp, owned by Facebook, has over 1.5 billion users with an average of over 65 billion messages sent each day. This is a massive amount of information that could be compromised.
Watch the video below for a quick overview of how hackers can compromise your private messages:
But WhatsApp is Encrypted
But WhatsApp is Encrypted you might say – this is common knowledge to all users, we see the message in our conversations every day. These messages are what gave Check Point their starting point to find these vulnerabilities.
In essence, Barda Et al. were able to reverse engineer the encryption on WhatsApp and pick up the three weaknesses:
- Use the ‘quote’ feature in a group conversation to change the identity of the sender, even if that person is not a member of the group.
- Alter the text of someone else’s reply, essentially putting words in their mouth.
- Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it’s visible to everyone in the conversation.
~ Barda, Zaikin and Vanunu, August 2018
What Does This Mean for The Introduction of WhatsApp into The Banking Industry?
As mentioned previously, WhatsApp Banking was launched in South Africa earlier this year. Now that we have established that the encryption is not as highly secure as we thought and had the potential to be hacked, is using the instant messaging service the safest option out there?
Below we highlighted an example of a transaction that executed via WhatsApp banking:
Source: Clickatell
Given recent findings, it is easy to see how a transaction is at risk via WhatsApp Banking. As consumers, we need to ask ourselves if convenience is more important than security.
Especially in a day and age where we have so many more options to make our banking more accessible and more convenient.
Alternative Options to WhatsApp Banking Via Mobile:
So many more Banking options have been made accessible for feature and smartphone users in South Africa over the past few years. Choose between:
- Cell phone Banking (via USSSD),
- Internet Banking
- Mobile App Banking
All these options are highly secure and make use of two or Multi-two factor authentication protocol to actions against fraudulent transactions. Of course, there is also always a risk of falling victim to phishing messages, but these incidents are reduced dramatically merely by educating yourself.
View Our handy guide on how to identify phishing messages.
Contact Us for Innovative Solutions
iTouch is one of the few messaging companies in Africa that abide by GDPR and POPI security standards. If you need assistance in building effective messaging solutions for your business, contact us to see how we can help.
Let us worry about the legal and security protocols so you can focus on growing your business.
Sources: