May 14th 2019
WhatsApp users have been advised to update their app, following a hack which enabled cybercriminals to remotely install surveillance software on phones and other devices on which it is downloaded.
WhatsApp had said that the attack, which targeted a “select number” of users, was carried out by “an advanced cyber actor”.
A fix was issued on Friday, and we advise all users to update WhatsApp, which can be done quickly and easily in the app store for their devices. The fix is contained within the update.
The app, which is owned by Facebook, has some 1.5 billion users worldwide.
How the WhatsApp exploit works
Discovered earlier this month, the attack involved exploiting a flaw to install the Israeli-made spy software via a WhatsApp voice phone call, even if the call was not picked up by the user. Often, the call would disappear from the device’s call log, so no visible trace was left.
In a journalist briefing, WhatsApp said: “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.”
It has described the flaw as: “A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.”
The surveillance software is a product of Israeli firm NSO Group, which has issued the following statement: “NSO’s technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.
“The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.
“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organisation.”
A court in Tel Aviv, Israel, will today hear a petition led by Amnesty International that calls for the country’s Ministry of Defence to revoke the group’s licence to export its products.