WhatsApp users urged to update software after security breach
14 May 2019 | 0
users have been advised to update their software after the discovery
of ‘government grade’ malware that can hand over control of a
smartphone’s camera, microphone, messages and location data.
to a report in the Financial Times the exploit – described by parent
company Facebook – was discovered earlier earlier this month and a
fix was issued last Friday.
the exact number of users affected by the attack is unknown WhatsApp
told the Financial Times that “a number in the dozens would not
described the method of attack as follows: “A buffer overflow
vulnerability in WhatsApp VOIP stack allowed remote code execution
via specially crafted series of SRTCP packets sent to a target phone
number. The issue affects WhatsApp for Android prior to v2.19.134,
WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS
prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51,
WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen
prior to v2.18.15.”
the source of the attack has yet to be identified it is suspected the
software used in it was developed by Israeli spyware vendor NSO
Group. The company says its flagship Pegasus product is designed to
combat terrorism and is sold to governments and law enforcement
agencies. According to a report in The Verge, Pegasus is used in 45
countries and has been used to target dissidents, journalists and
human rights activists. In 2018 NSO spyware was used to track
journalists investigating a corruption scandal in Mexico.
has an estimated 1.5 billion users, many of which are attracted by
the messaging service’s end-to-end encryption. It is a messaging
platform of choice for many governments, journalists and human rights
International will file a petition
in an Israeli court today seeking to have NSO Group’s export licence
revoked to prevent is from selling its products overseas.