The recent WhatsApp espionage case that involved several Italian journalists, including Fanpage director Francesco Cancellato and Luca Casarini, founder of the NGO Mediterranea Saving Humans, has drawn attention to the ability of advanced spyware tools like Graphite, the much-discussed software developed by the Israeli company Paragon Solutions, to penetrate mobile devices without the user doing anything. This type of attack, known as zero-click, is particularly insidious because it does not require any interaction from the victim: you don't have to click on suspicious links or download compromised attachments to be infected. Once installed, the software provides total access to messages, photos, videos and contacts, and can even turn the phone into a listening device to eavesdrop remotely on nearby conversations. The company has terminated its contract with the Italian government. Defending yourself against these attacks is far from simple, but some security measures can be implemented.
What Paragon Solutions' Graphite spyware is and how the software works
Graphite belongs to a broad category of spyware marketed for intelligence and national security activities, often sold to governments and government agencies. According to the British newspaper The Guardian, Paragon reportedly has at least 35 government customers in democratic countries, excluding nations such as Greece, Poland, Hungary, Mexico and India, which have been accused in the past of abusing similar tools. This does not rule out surveillance software also being used in illegitimate contexts, as shown by the case of Pegasus, the notorious spyware developed by another Israeli company, NSO Group, which caused a huge stir in 2019 after it was used to infiltrate the phones of journalists, activists and politicians all over the world.
The similarity between Graphite and Pegasus is not limited to technical capabilities. Both exploit vulnerabilities in operating systems and messaging applications such as WhatsApp and Signal to get around end-to-end encryption and access the content of communications. This happens without leaving obvious traces, which makes detection extremely difficult, even for the users most attentive to online security.
But how exactly do zero-click attacks work? Traditionally, to infect a device, an attacker must trick the user into clicking on a malicious link or downloading a compromised file. With a zero-click attack, things are different. The malware uses an existing vulnerability in the device's software to install itself automatically. For example, a flaw in the message-handling system could allow a hacker to send an MMS or a data packet structured so that malicious code runs as soon as it is received, without the user taking any action. This type of attack often targets messaging and communication applications because, in order to work, they must accept and interpret data from external sources.
The vulnerabilities exploited by zero-click attacks are called zero-day, as these are security flaws not yet known to the software manufacturer and, for this reason, not yet fixed. Precisely because these vulnerabilities are not yet known, attackers can take advantage of them immediately, leaving the companies that have to develop the necessary security patches literally "zero days" to fix them. That's why they are called zero-day.
Given how "precious" these vulnerabilities are to cybercriminals, they keep them secret as long as possible, selling them to governments and intelligence agencies for profit (and no small one) or using them for targeted espionage operations. For this reason, zero-click attacks are generally very sophisticated and difficult to replicate on a large scale, but that does not make them impossible to carry out against ordinary users as well, and not only against publicly exposed figures such as investigative journalists and activists.
One of the reasons these attacks are so dangerous is their ability not to leave obvious traces. When a device is infected with spyware of Graphite's caliber, the attacker gets full access to the data and can read, edit and delete messages and files, as well as monitor the phone's location and activate the microphone without the victim noticing.
How to tell if WhatsApp has been hit by spyware and how to protect yourself
Now the time has come to face the notorious "elephant in the room": how do we know if WhatsApp is being spied on? Since zero-click attacks are extremely difficult to detect, there is no guarantee that the advice we are about to give will be enough to establish how things stand in your case, but it can certainly be a good starting point.
- Unusual noises or notifications: If the phone vibrates without receiving any notification, you would do well to investigate by looking for any spy software.
- Temperature increase: Spy apps can make excessive use of the device's hardware resources, causing overheating.
- WhatsApp slowdowns: If the messaging app is not as responsive as usual, you may have reason to be suspicious. This could be due to excessive RAM use by a spy application running in the background.
- The battery drains quickly: Setting aside software and hardware problems affecting your phone's battery, if it drains quickly (even though you have not put the device under heavy use), you would do well to be on your guard.
To prevent WhatsApp from being spied on, you can try taking the following security measures.
- Always keep the operating system and applications updated. Even an update that you consider of "minor" importance can make a difference if installed promptly.
- Activate two-step verification on WhatsApp (you can do so in the app under Settings > Account > Two-step verification) and periodically check the devices linked to your account to detect any suspicious access (you can do this in WhatsApp under Settings > Linked devices).
- If possible, avoid connecting to unprotected public Wi-Fi networks: they are much more dangerous than you might imagine.
- Download apps only from official sources (that is, the Play Store and the App Store) and uninstall all the apps you no longer use.
We reiterate: against zero-click spyware attacks, like those that hit Francesco Cancellato and Luca Casarini, these tips may not be enough, but this does not diminish the importance of adopting them anyway.