Naked Science Forum

Non Life Sciences => Geek Speak => Topic started by: nudephil on 16/07/2020 16:38:11

Title: How could a WhatsApp hack compromise other apps on a phone as well?
Post by: nudephil on 16/07/2020 16:38:11

Gabriel asks:

I read somewhere that Jeff Bezos lost $20 billion approx (through divorce) because he added the Saudi prince on his WhatsApp. The story goes says he received a link from the prince on WhatsApp, which subsequently led to his phone being hacked, and the news of his affairs made public. What kind of access and info they could have? Aren't the apps for messages and for pictures distinct? Why should hackers be able to see virtually all info?

Any thoughts?

Title: Re: How could a WhatsApp hack compromise other apps on a phone as well?
Post by: evan_au on 17/07/2020 12:46:48

Quote from: OP

What kind of access and info they could (hackers) have?

In the early days of computing, any program that began executing could access any piece of information in any part of memory.
- Of course, in those days, computers weren't connected to the internet,
- so it was hard to get a rogue program into the computer
- and it was hard for a rogue program to send any information very far

Computers these days are much more secure - they have facilities like "virtual memory", so that a program (today's "app") can't see the data of any other program. Any attempt to access data outside its own space causes the program to be shut down.
- However, programs need to access various facilities of the smartphone, and phones provide interfaces to access these functions (like location, camera and microphone).
- I understand that Apple requires the user to give permission to access phone functions (and this basic level of security is checked before an app is allowed in the Apple App store).
- I understand that Android comes from a more "open source" philosophy, and it is easier for an app to access functions in the phone without the user knowing. There is also a lower bar for distributing Android apps - developers can distribute apps themselves.

In any case, hackers are continually trying new ways to gain access to the whole phone. In UNIX-based systems (including Apple and Android operating systems), the ultimate goal is to have your app recognized as "root", which has free access and control of everything on the phone.
- But even without seeing everything on the phone, hackers can still do a lot of damage...
- And since virtually all apps these days access the internet, it's easy to send anything you discover to anywhere in the world
- The other challenge for the hacker is to get someone to load the rogue program - it may be as simple as clicking on a whatsapp link from a Saudi Prince - or clicking on an email from a Nigerian prince.

See: https://en.wikipedia.org/wiki/Virtual_memory