I have just written about the information leak at NHS Lanarkshire because of the use of WhatsApp and I regularly talk about rogue Android apps that get into the Google Play Store – here I bring both of them together. A rogue app that steals WhatsApp user data:
Hackers steal Signal, WhatsApp user data with fake Android chat app (bleepingcomputer.com)
To make things worse the rogue app was called “SafeChat”!
Your takeaway from this should be
Make sure your people know what the approved channels are for exchanging sensitive information both internally and externally and with third parties. You need a policy.
Also you need a policy for both company owned devices and personal devices that are BYOD devices, that at the very least proscribes how company information is dealt with on these devices.
Clive Catton MSc (Cyber Security) – by-line and other articles