WhatsApp

WhatsApp users urged to update software after security breach

Israeli company suspected of developing exploit that hands over control of smartphones
Life
Image: IDGNS

14 May 2019

WhatsApp
users have been advised to update their software after the discovery
of ‘government grade’ malware that can hand over control of a
smartphone’s camera, microphone, messages and location data.

According
to a report in the Financial Times the exploit – described by parent
company Facebook – was discovered earlier earlier this month and a
fix was issued last Friday.

While
the exact number of users affected by the attack is unknown WhatsApp
told the Financial Times that “a number in the dozens would not
be inaccurate”.

 

advertisement



 

Facebook
described the method of attack as follows: “A buffer overflow
vulnerability in WhatsApp VOIP stack allowed remote code execution
via specially crafted series of SRTCP packets sent to a target phone
number. The issue affects WhatsApp for Android prior to v2.19.134,
WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS
prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51,
WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen
prior to v2.18.15.”

While
the source of the attack has yet to be identified it is suspected the
software used in it was developed by Israeli spyware vendor NSO
Group. The company says its flagship Pegasus product is designed to
combat terrorism and is sold to governments and law enforcement
agencies. According to a report in The Verge, Pegasus is used in 45
countries and has been used to target dissidents, journalists and
human rights activists. In 2018 NSO spyware was used to track
journalists investigating a corruption scandal in Mexico.

WhatsApp
has an estimated 1.5 billion users, many of which are attracted by
the messaging service’s end-to-end encryption. It is a messaging
platform of choice for many governments, journalists and human rights
activists.

Amnesty
International will file a petition
in an Israeli court today seeking to have NSO Group’s export licence
revoked to prevent is from selling its products overseas.

TechCentral Reporters

Read More:


Back to Top ↑

TechCentral.ie