WhatsApp is urging users to update to the latest version of WhatsApp ASAP, after it was revealed that WhatsApp spyware – believed to be the handiwork of Israeli cyber company NSO – has been installed on countless phones.
WhatsApp Statement on WhatsApp Spyware
The WhatsApp statement on the issue says that “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems. We have briefed a number of human rights organizations to share the information we can and to work with them to notify civil society.”
NSO, who denies involvement, is perhaps best (or at least most recently) known for their Pegasus software, which was implicated in the events leading up to journalist Jamal Khashoggi’s death. In that case it is believed that Pegasus was installed on the phone of a friend of Khashoggi’s, Omar Abdulaziz, when Abdulaziz clicked on a link in a fake DHL text message. Once Pegasus was installed on his phone it allowed the Saudis to spy on his communications with, and thus lead them to, Khashoggi.
Now NSO is suspected of creating the spyware that has been installed on an unknown number of WhatsApp phones. In a statement to the Financial Times, an NSO spokesperson said that “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.”
|Get notified of new Internet Patrol articles for free!
While it is believed that the spyware is targeting journalists (sound familiar?) and advocates, the installation vector is so simple that WhatsApp and Facebook are urging everyone to install the WhatsApp update, to ensure that their phone is not infected.
How the WhatsApp Spyware is Transmitted to the Target Phone
Here’s how simple it is to infect a phone with WhatsApp installed:
1. The person who is targeting someone with the spyware calls the target’s phone with WhatsApp via their VoIP connection.
2. There is no 2. That’s how simple it is. The target doesn’t even have to answer the phone.
Because the call is going over the Internet (VoIP stands for Voice Over Internet Protocol), it turns out that it is very easy to send the spyware from the originating phone to the target’s phone.
Description: A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.
Affected Versions: The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
Last Updated: 2019-05-13
Again, all persons who have WhatsApp installed on their phones are urged to update the app immediately.
Or, you know, uninstall it.
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!
|Get notified of new Internet Patrol articles!