WhatsApp has urged all of its 1.5 billion users to update
their apps as a precautionary measure against an attack that targeted a “select
number” of users.
WhatsApp describing the attack, said “a buffer overflow
vulnerability in WhatsApp VOIP stack allowed remote code execution via
specially crafted series of SRTCP packets sent to a target phone number”.
The issue affected WhatsApp for Android prior to v2.19.134,
WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to
v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows
Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
“The attack has all the hallmarks of a private company
reportedly that works with governments to deliver spyware that takes over the
functions of mobile phone operating systems,” the company said on Monday in a
briefing document note for journalists.
Hackers were able to remotely install surveillance software
on phones and other devices using the vulnerability in the messaging app.
It involves attackers using WhatsApp’s voice calling
function to ring a target’s device. Even if the call was not picked up, the
surveillance software would be installed, and, the FT reported, the call would
often disappear from the device’s call log.
Meanwhile, NSO Group, an Israeli company that has been
referred to in the past as a “cyber arms dealer”, has been said to be behind
the software.
Its flagship software, Pegasus, has the ability to collect
intimate data from a target device, including capturing data through the
microphone and camera, and gathering location data.
In a statement, the group said: “NSO’s technology is
licensed to authorised government agencies for the sole purpose of fighting
crime and terror.
“The company does not operate the system, and after a
rigorous licensing and vetting process, intelligence and law enforcement
determine how to use the technology to support their public safety missions. We
investigate any credible allegations of misuse and if necessary, we take
action, including shutting down the system.
“Under no circumstances would NSO be involved in the
operating or identifying of targets of its technology, which is solely operated
by intelligence and law enforcement agencies. NSO would not or could not use
its technology in its own right to target any person or organisation.”
WhatsApp said it was too early to know how many users had
been affected by the vulnerability, although it added that suspected attacks
were highly-targeted.
Meanwhile, a fix was rolled out on Friday, and the firm
expects all of its 1.5 billion users to update their WhatsApp as a
precautionary measure.
Click to signup for FREE news updates, latest information and hottest gists everyday
Advertise on NigerianEye.com to reach thousands of our daily users
No comments
Post a Comment
Kindly drop a comment below.
(Comments are moderated. Clean comments will be approved immediately)
Advert Enquires - Reach out to us at NigerianEye@gmail.com