The WhatsApp vulnerability allowed the installation of spyware on smartphones




The Facebook-owned messaging giant, WhatsApp, has confirmed a vulnerability that allows hackers to install spyware on smartphones.

While WhatsApp started life as a simple messaging application, it has expanded to all kinds of communications, including voice calls, which it has offered since early 2015. According to a report in the Financial Times, malicious code developed by the Israel-based cyber-intelligence company NSO could be transmitted to users through an exploit of WhatsApp's voice call feature. The code could be deployed whether or not the recipient answered the call.

Facebook released this update late last night with more details on the vulnerability, stating:

A buffer overflow vulnerability in the WhatsApp VOIP stack allowed remote code execution through a specially crafted set of SRTCP packets that was sent to a target phone number.

Tel Aviv-based NSO has long been embroiled in controversy over its development of mobile surveillance technology, which it sells to government agencies to "prevent and investigate terrorism and crime in order to save thousands of lives around the world."

Several reports in recent years have indicated that the technology has been used to target journalists and human rights defenders. In 2016, Apple released an iOS update to fix a security hole after NSO technology was apparently used to target the iPhone of rights activist Ahmed Mansoor.

NSO's main product, Pegasus, is essentially spyware that can retrieve e-mail and text messages, track calls, access a device's location, and activate the phone's microphone and camera. It should be noted that, although WhatsApp was used in this instance to distribute Pegasus, WhatsApp messages – which are encrypted – would not have been affected.

Timing

A spokesperson confirmed to VentureBeat that WhatsApp had discovered the vulnerability in early May and started rolling out a patch to its infrastructure late last week. Although this fix alone should have addressed the vulnerability, the company still recommends that users update WhatsApp to the latest versions:

  • WhatsApp for Android: v2.19.134
  • WhatsApp Business for Android: v2.19.44
  • WhatsApp for iOS: v2.19.51
  • WhatsApp Business for iOS: v2.19.51
  • WhatsApp for Windows Phone: v2.18.348
  • WhatsApp for Tizen: v2.18.15.

"WhatsApp encourages users to use the latest version of our app and keep their mobile operating system up-to-date to protect against potential exploits targeted at compromising information stored on mobile devices," the spokesperson told VentureBeat. "We are constantly working with our industry partners to provide the latest security enhancements to protect our users."

The timing of this news is notable, as NSO faces legal problems in Israel over its sale of surveillance technology to governments that may abuse it. Amnesty International and New York University (NYU) today filed a petition in the Tel Aviv District Court in support of legal action to revoke NSO's export license.

"The Israeli Defense Ministry has ignored the growing evidence linking the NSO group to attacks against human rights defenders, which is why we support this case," said Danna Ingleton, deputy director of Amnesty Tech. "The NSO Group sells its products to governments known for their outrageous human rights violations, giving them the tools to track activists and critics. As long as products like Pegasus are marketed without proper monitoring and control, the rights and safety of Amnesty International staff and those of other activists, journalists and dissidents around the world are under threat."

According to the Financial Times, a UK-based human rights lawyer was also targeted on Sunday using the WhatsApp exploit. The lawyer is said to have helped journalists and other activists sue NSO in Israel. It seems that the security measures introduced by WhatsApp last week could have prevented the attack from succeeding.

A WhatsApp spokesperson confirmed that the company was confident that a number of people had been targeted in this manner. The company informed several human rights organizations of the issue and also informed US law enforcement agencies.

In a statement to the Financial Times, NSO denied having any knowledge of the recent targets of the WhatsApp exploit.

"Under no circumstances would the NSO be involved in the operation or identification of targets of its technology, which is only operated by intelligence agencies and law enforcement agencies," the company said. "The NSO would not use or be able to use its technology in its own right to target a person or organization, including that person [the U.K. lawyer]."
