The Google Chrome and Whatsapp application have recently updated their products with new features, and I would like to inform you about those features so you can adapt your security environment to the latest attack vector which might target your company environment.
Attack vector: WhatsApp
The Whatsapp application has been bought last year by Facebook, this means that millions of people around the world are using the Whatsapp application for their personal and business environments. Users can use the Whatsapp application to send messages, pictures and videos, but since recently it is also possible to perform Call conversations via the Whatsapp application. The Whatsapp application allows the users to VOIP to mobile whatsapp users all around the world.
The new feature could be used by cybercriminals to steal information from unaware users. The cybercriminals can infect the Android or iPhone Smartphone with malware, which will start the VOIP protocol on the mobile phones – the cybercriminals will then use the VOIP protocol to receive and send commands and data.
Attack vector: Google Chrome
The second update I want you to be informed about is the Google Chrome update which allows users to take Snapshots of themselves. The new Google Chrome update has been dubbed “ChromeSelfie” and it can be found in the settings tab of the latest Google Chrome version on smart phones.
The ChromeSelfie applications allows the user to use the device as a “Snapshot tool”, this means that the user is able to take pictures and send them directly to social media networks. This technique might be abused by cybercriminals which are active within the company. The Chrome browser is one of the most common browsers to have in your smart phone device, so it will not appear dangerous on first sight, but please inform your users about these updates and make sure that you adjust your security policy so it will prevent the noted actions above.