Sunday, 26 May 2019
Latest news
Main » Yikes, WhatsApp exploit allowed spyware to be installed with a phone call

Yikes, WhatsApp exploit allowed spyware to be installed with a phone call

15 May 2019

The lawyer acted for a Saudi dissident who had sued NSO Group for selling its software to repressive regimes in the Middle East.

The vulnerability affected users of WhatsApp on all platforms, meaning you need to update your app immediately if you still have one of the versions prior to the following.

NSO said its technology was licensed to government agencies "for the sole goal of fighting crime and terror", adding that those agencies determine how the technology is used without any involvement from the company. The app has now created a new update for all users to use. The Citizen Lab at the Munk School of Global Affairs, part of the University of Toronto, has been researching the NSO Group and the abuse of its spyware since 2016 and determined that the company "fails to engage in adequate due diligence concerning the sale of their Pegasus spyware and its human rights impacts", according to a letter dated February 28, 2019.

WhatsApp said that the vulnerability was discovered this month and that the company quickly addressed the problem within its own infrastructure, publishing an update on Monday.

More news: Asians most heavily represented ethnic minority in United Kingdom rich list

WhatsApp is urging users to update their apps after the messaging service was hacked.

"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits created to compromise information stored on mobile devices", said WhatsApp in a statement.

If you received a unusual phone call on your WhatsApp in recent weeks, you may have been the victim of a cyber crime - even if you didn't answer the call.

Researches at Citizen Lab estimate that NSO tools have been used by at least 45 countries - including the USA and the United Kingdom - to spy on civilians.

More news: Sri Lanka clashes kill one; imposes nationwide curfew after mosques attacked

WhatsApp has briefed human rights organisations on the matter, but did not identify them.

WhatsApp said the attack has the hallmarks of a private company that works with governments to deliver spyware, which takes over control of mobile phone operating systems.

Under My apps and games, tap update next to WhatsApp Messenger.

Several human rights lawyers and campaigners were targeted by the spyware, known as Pegasus.

More news: Madonna Defends Decision to Perform at Eurovision in Israel

Whatsapp, which is owned by Facebook, also published an advisory to security specialists in which it described the flaw as: "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of STRCP packets sent to a target phone number". For those using iPhones, open the App Store, select updates, select WhatsApp and then hit Update.

Yikes, WhatsApp exploit allowed spyware to be installed with a phone call