EDWARD LUCAS: The real scandal of the WhatsApp spy storm? How we're seduced by phone gimmicks to reveal our deepest secrets

• e-mail

Just imagine an intruder roams at will around your home, unnoticed. He rifles through your possessions, listens to your conversations and observes your most private doings.

That, in effect, is what has happened to users of the WhatsApp messaging system, after hackers exploited a software flaw to install ‘spyware’ developed by a secretive Israeli firm called NSO Group.

Such programs turn mobile phones into powerful tools of surveillance. They can switch on your phone’s camera and microphone without you knowing, track your movements and snoop on anything that appears on the screen or is typed into the keyboard.

Such programs turn mobile phones into powerful tools of surveillance. They can switch on your phone’s camera and microphone without you knowing (stock image)

NSO insists that the spyware, called Pegasus, is sold only to government agencies for use in strict accordance with the law.

But this assurance is little comfort given the brutal, lawless behaviour of authoritarian regimes. 

People who dismember their opponents with bone saws (the Saudis), lock them up in mind-control camps (Chinese), or poison them with nerve agents (Russians) are unlikely to flinch at interfering with people’s privacy. 

The full scale of the breach is as yet unknown, and few of those affected — WhatsApp has 1.5 billion users — expect any compensation.

The bitter truth is that when you start using a new technology, you sign away your rights and privacy.

Most worryingly, WhatsApp is not a gimcrack product of some ingenious start-up. For five years, it has been owned by Facebook, the world’s biggest social media company.

The full scale of the breach is as yet unknown, and few of those affected — WhatsApp has 1.5 billion users — expect any compensation (stock image)

So how have we ended up in this plight?

The answer is people’s reckless appetite for novelty and convenience, coupled with a complacent and cheapskate approach to security.

Mobile phones were initially marketed as handy devices for making calls on the move. 

Next came the ability to send and receive text messages. Many users were happy with just these capabilities. But those days are long gone. 

Modern smartphones are far more powerful than a full-size desktop machine of a few years ago. The processing power and memory of even the humblest model dwarfs anything the Apollo astronauts had at their disposal.

For many of us, it is no exaggeration to say that they run our lives.

Mobile phones were initially marketed as handy devices for making calls on the move (stock image)

Our phones have become such intimate companions, it is difficult to imagine being without them. We entrust them with our secrets. They know with whom we communicate, when, where and why.

Yet no less astonishing than these devices’ capabilities are their security weaknesses. At the touch of a button, we can install all kinds of apps — programs that promise to make life easier or more enjoyable.

But, at the same time, we are opening windows onto our private lives.

I have just installed PlantSnap — a brilliant, free way of identifying plants and flowers. You can take a picture, upload it and, within a second or two, some unseen computer tells your phone what plant you are looking at.

Yet even I, who takes cyber-security very seriously, did not check who was behind this innocent-seeming app. For all I knew, it could contain hidden surveillance software. (As far as I can see, it doesn’t.)

The truth is, WhatsApp’s woes are just the tip of the iceberg.

At the touch of a button, we can install all kinds of apps — programs that promise to make life easier or more enjoyable (stock image)

Modern software and hardware are so fiendishly complicated, and designed with such little attention to security, that nothing is truly secure.

Shockingly, weak security is not the only problem that’s consuming WhatsApp. The messaging system is also implicated in the spread of scare stories and fake news.

False rumours that Metro Bank was heading for bankruptcy sparked a panic among depositors in some parts of London last weekend.

And in India and Pakistan, disinformation spread via WhatsApp has helped to form lynch mobs, with lethal results. 

Innocent people wrongly accused of offending religious sensibilities — such as eating beef, which outrages strict Hindus — have been hacked to death. 

In Pakistan, mob vengeance on Christians wrongly accused of blasphemy has been incited over WhatsApp.

How ironic, too, that, despite the security flaws that allowed Pegasus to infiltrate the network, WhatsApp itself cannot monitor material its users are sending — including abusive or extremist content — because messages are encrypted.

By contrast, Twitter, YouTube and Facebook can police the material publicly shared on their platforms.

In effect, WhatsApp is blind to the abuse of its system.

Of course, the intelligence services can use spyware such as Pegasus to get inside individual devices. But they need to know who to investigate.

In Pakistan, mob vengeance on Christians wrongly accused of blasphemy has been incited over WhatsApp (stock image)

Despite a well-connected friend warning me months ago that WhatsApp was insecure, I was unconcerned. My family’s use of the platform consists chiefly of group messaging in which we pester each other about dog-walking, shopping and other chores.

For more sensitive material, such as my work on Russia and China, I use other software: Signal for messaging and ProtonMail for email. 

But with WhatsApp in effect leaving the front door open to Pegasus and other forms of surveillance, there is little point in such precautions.

Your information can traverse the internet with military-grade encryption — but its journey still starts and finishes on a computer or phone that can be hacked.

In short, if someone looking over your shoulder can read your screen, so can spyware hiding inside your device.

WhatsApp’s problems chiefly relate to the privacy of us as individuals. Of far greater national concern is the potential for widescale espionage and the sabotage of our networks by hostile foreign powers.

Central to these concerns is the notorious Chinese technology giant Huawei, which is a world leader in making the hardware needed for mobile communication. Its ownership is murky and its products — according to British intelligence — are dangerously ramshackle.

But our Government has declined to follow the U.S., Australia and other allies in banning Huawei from the next generation of mobile phone communications, the so-called 5G standard. 

False rumours that Metro Bank was heading for bankruptcy sparked a panic among depositors in some parts of London last weekend (stock image)

This will bring together not just individuals, but household devices, industrial systems, infrastructure and other parts of modern life.

Yet, as the rumpus over WhatsApp shows, our computers and networks are already dangerously vulnerable. Do we really want to adopt technology from a company whose ultimate masters are the Chinese Communist Party?

It is hard to see how we can defend ourselves or our society. We can uninstall WhatsApp from our phones — but the intruders will find another way of breaking into them.

We could try forswearing electronic communication altogether. For their most sensitive material, Eastern and Western spy agencies are returning to the days of manual typewriters, cardboard files and carbon paper: these physical items are harder to steal than digital data.

But, for most of us, pen and paper — along with cash and landline telephones — are increasingly impractical.

Of course, our competitiveness as a country requires us to embrace new technology. The price we pay is to risk our privacy and our security.

We have stumbled into a new world of seamless electronic communication, one that offers huge opportunities to our foes and rivals — and with no way back.

Edward Lucas is the author of Cyberphobia: Identity, Trust, Security And The Internet.