1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

WhatsApp vulnerability allowed spyware to infiltrate phones

By Humza ยท 4 replies
May 14, 2019
Post New Reply
  1. WhatsApp is used by over 1.5 billion people and remains one of the most popular messaging and VoIP service. While it does offer "Security by Default" in the form of end-to-end encryption, there will always be vulnerabilities existing in the wild that keep companies leapfrogging one another in the form of exploits and security patches.

    One such incident took place earlier this month when a vulnerability in WhatsApp was discovered that allowed infiltration of spyware onto phones and thus use the recipient's camera, mic, location and messaging information as part of a 'targeted' surveillance attack.

    The details of this vulnerability surfaced in a report from The Financial Times. While the perpetrators are yet to be identified, a Middle Eastern country is currently under suspicion, known for suppressing criticism of its human rights practices as the targets of this attack seem to be human rights lawyers and activists. According to WhatsApp, the attack targeted a "select number" of users, planned by "an advanced cyber actor."

    "This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems," WhatsApp said in a statement. "We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society."

    The NSO rejected any involvement in this act and said "Under no circumstances would NSO be involved in operating or identifying of targets of its technology."

    WhatsApp, which is owned by Facebook, also published an advisory to security specialists in which it described the flaw as: "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of STRCP packets sent to a target phone number."

    The flaw has since been fixed and the company delivered a server-side fix on May 10th and its engineers worked through Sunday to release the patched versions of its app on May 13th. As always you can download the latest version of WhatsApp right here.

    Permalink to story.

     
    Last edited by a moderator: May 14, 2019
  2. Capaill

    Capaill TS Evangelist Posts: 829   +439

    "Under no circumstances would NSO be involved in operating or identifying of targets of its technology."
    Maybe it's bad English but the statment sounds more like they are saying that they won't identify targets of their technology.
     
  3. netman

    netman TS Addict Posts: 250   +72

    Instagram, WhatsApp and facebook are nothing but NSA fronts!
     
  4. SeekerJBP

    SeekerJBP TS Rookie

    Well their customers include Mexico, Saudi Arabia (right before MSB had his family all arrested and killed a journalist whose friend had this virus on his phone), Turkey, Bahrain, and more. They do not sell to good people, or people doing good. They sell to criminal governments, dictators, and despots. It has been used in attacks on human rights groups and journalists. Look up NSO Group on Wikipedia for more info.

    https://en.wikipedia.org/wiki/NSO_Group
     
    Last edited: May 14, 2019
  5. Markoni35

    Markoni35 TS Enthusiast Posts: 80   +37

    Again, it's the Israelis. They are always involved in hacking, stealing, even when medical or nuclear equipment is in question. But they never get punished for that. If those were Iranian hackers, there would already be a drone strike on Iran.
     
    SeekerJBP likes this.

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...