[ad_1]
HAVANA TIMES – A vulnerability that infects phones with spyware has been identified in the WhatsApp messaging application, reports the Committee to Protect Journalists (CPJ) Tuesday. The attack targets Android and iPhone users and involves calling users via WhatsApp. Targeted people report receiving a series of missed calls from an unknown number, followed by the blocking of the application, said researchers from the Toronto Citizen Lab at the Financial Times, which reported for the first time the vulnerability.
The researchers claimed to believe that the spyware attack was related to the same vulnerability that the WhatsApp engineers were trying to fix. Computer scientists said spyware has the characteristics of Israeli NSO technology, the New York Times reported. NSO has created Pegasus, a spyware for mobile devices that Citizen Lab has detected in more than 45 countries.
Spyware detected in WhatsApp can still be installed on a person's phone even if they do not answer the call, and the unknown number is not always recorded in the call log, the researchers said. It is not clear at this point if the spyware is contained in the application or if it could infect the entire phone. CPJ found that such spyware often allowed attackers to access contacts, messages and the microphone of an infected phone.
Although there is currently no public data on the number of infections, journalists could be among those affected. The WhatsApp vulnerability would have been used in an attempt to attack a UK-based human rights lawyer, who sues NSO on behalf of Mexican journalists and who was not named in reports, according to reports.
In a statement to the Financial Times, WhatsApp said the investigation was underway and recommended users to update the latest version of the application "to protect themselves against possible targeted exploits designed to compromise the information stored on mobile devices ".
An INS spokesperson told CPJ by e-mail: "The NSO's technology is licensed to accredited government agencies for the sole purpose of fighting crime and terrorism. The company does not operate the system. After a rigorous licensing and auditing process, intelligence services and law enforcement determine how to use this technology for their public safety missions. We investigate any credible allegation of abuse and, if necessary, take action, including stopping the system. "
The spokesman added: "Under no circumstances will the NSO be involved in the exploitation or target identification of its technology, which is only exploited by intelligence agencies and forces. of order. NSO would not use or could not use its technology as such to target a person or organization, including that person. "
Journalists who think they have been targeted should take the following steps:
-Take screenshots of all missed calls from unknown numbers on your WhatsApp account.
-Update WhatsApp to the latest version of the application. You should receive a notification from WhatsApp to do it.
-Update the operating system of your phone with the latest version.
– If you are unable to update the latest version of WhatsApp, uninstall it until you can do it.
-Follow your suspicious activity on your WhatsApp account.
-Pass the Signal messaging app if you are worried about being targeted.
Journalists who are concerned about this vulnerability should stop using their phone, turn it off, and keep it in a metal drawer or Faraday bag, a material pouch that blocks wireless signals.
CPJ works alongside our partners to understand the full scope of the threat. If you think you have been targeted, please contact our Emergency Response Team by sending an email to [email protected].
For more information on digital security, see the CPD Digital Security Note and see the digital security information included in our resource center.
[ad_2]
Source link