Professor Karim Ouazzane, Professor of Computing and Knowledge Exchange, offers his insight into the recent WhatsApp hacking.
Date: 14 May 2019
“This kind of cyber incident is common as there is a big flaw within communication devices; the current vulnerability scanners can spot cyber malicious attacks if they are related to a technical vulnerability (e.g. SQL injections); however, it is difficult to spot attacks which occur at the business logic level, which is called logical vulnerability.
“Therefore, in my view, bridging the gap between technical and logical vulnerability will minimise risks such as this. This is ongoing research at the Cyber Security Research Centre in partnership with Lloyds Bank.
“Also, current processes for penetration testing, vulnerability scanning and threat modelling have failed to deliver a complex strategy for removing vulnerabilities. The cross-channel and multi-media methods by which, for example, customers interact with the organisation's services allow for a high number of permutations for both customers and cyber criminals to navigate.
“This complexity has led to long-standing vulnerabilities being hidden from conventional testing techniques, only to be discovered once exploited by criminals such as the Israeli firm.
“Furthermore, obtaining intelligence that is relevant to the specific threats to organisations such as Microsoft in the world in a timely fashion is becoming a significant challenge as the threat intelligence industry is still not well developed.
“In my opinion, automating a system using a combination of AI, machine learning and expert systems with logical vulnerability threat solutions is imperative to stop cyber-crimes such as this one.”