Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones

hack whatsapp account

Whatsapp has recently patched a severe vulnerability that was
being exploited by attackers to remotely install surveillance
malware on a few “selected” smartphones by simply calling the
targeted phone numbers over Whatsapp audio call.

Discovered, weaponized and then sold by the Israeli company
NSO
Group
[1] that produces the most
advanced mobile spyware on the planet, the WhatsApp exploit
installs Pegasus spyware on to Android and iOS devices.

According to an advisory
published by Facebook, a buffer overflow vulnerability in WhatsApp
VOIP stack allows remote attackers to execute arbitrary code on
target phones by sending a specially crafted series of SRTCP
packets.
[2]

Apparently, the vulnerability, identified as CVE-2019-3568,
can successfully be exploited to install the spyware and steal data
from a targeted Android phone or iPhone by merely placing a
WhatsApp call, even when the call is not answered.

Also, the victim would not be able to find out about the
intrusion afterward as the spyware erases[3] the incoming call
information from the logs to operate stealthily.

Though the exact number of targeted WhatsApp users is not yet
known, WhatsApp engineers did confirm that only a “select number”
of users were targeted by the NSO Group
spyware
[4] using this
vulnerability.

Meanwhile, Citizen Lab, a watchdog group at the University of
Toronto which is investigating NSO Group’s activities, believe[5] the vulnerability was
used to attack a UK-based human rights lawyer as recently as
Sunday.

NSO Group’s Pegasus spyware
allows attackers to access an incredible amount of data from
victims’ smartphones remotely, including their text messages,
emails, WhatsApp messages, contact details, calls record, location,
microphone, and camera—all without the victims’ knowledge.
[6]

The nasty spyware has previously been used against human rights
activists and journalists
[7], from Mexico[8] to the United Arab
Emirates
[9], and Amnesty
International staffers in Saudi
Arabia
[10] and another Saudi human
rights defender based abroad earlier last year.

The vulnerability affects all except the latest version of
WhatsApp on iOS and Android, meaning the flaw affected all 1.5
billion people using WhatsApp until yesterday when Facebook finally
patched the issue.

“The issue affects WhatsApp for Android prior to v2.19.134,
WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS
prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51,
WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for
Tizen prior to v2.18.15,” Facebook says.

WhatsApp engineers discovered the vulnerability earlier this month
and alerted the Department of Justice of the issue. They encourage
users on both iOS and Android to update their apps to the latest
version of the popular messaging app as soon as possible.

References

  1. ^
    NSO Group
    (thehackernews.com)
  2. ^
    advisory
    (www.facebook.com)
  3. ^
    erases
    (www.ft.com)
  4. ^
    NSO Group spyware
    (thehackernews.com)
  5. ^
    believe
    (twitter.com)
  6. ^
    Pegasus spyware
    (thehackernews.com)
  7. ^
    human rights activists and
    journalists
    (thehackernews.com)
  8. ^
    Mexico
    (thehackernews.com)
  9. ^
    United Arab Emirates
    (thehackernews.com)
  10. ^
    Saudi Arabia
    (thehackernews.com)

Read more

Leave a Reply