WhatsApp vulnerability allowed government-grade spyware to be installed on phones

WhatsApp has closed a vulnerability which allowed spyware to be installed via voice call

WhatsApp said that the vulnerability was discovered this month and that the company quickly addressed the problem within its own infrastructure, publishing an update on Monday.

According to the Financial Times, the surveillance software was developed by the Israeli cyber service NSO Group.

An advisory from Facebook describes the vulnerability (CVE-2019-3568): "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number".

The spyware is said to have been used in at least 45 countries around the world, but according to WhatsApp it was directed at a limited number of users, mainly due to the complexity of the attack. While WhatsApp does offer "Security by Default" in the form of end-to-end encryption, there will always be vulnerabilities in the wild that keep companies leapfrogging one another with exploits and security patches.

WhatsApp said the vulnerability has been fixed, but is urging users to update the app to its most recent version to provide the highest level of security.

The Financial Times first reported details of the vulnerability.

A WhatsApp spyware attack that targeted human rights activists has clear links to a company known to help governments snoop, the messaging app firm said in a statement.

The messaging company said it has briefed human rights organisations on the finding, and notified US law enforcement to help them conduct an investigation.

"Under no circumstances would NSO be involved in the operating or identifying of targets of its technology", the company said. It is believed that was also the case here and the attack was used against specific targets.

In 2016, Emirati human rights activist Ahmed Mansoor reported being targeted with Pegasus spyware.

The company, which has some 1.5 billion users worldwide, has been in contact with a number of human rights organisations to share information on the incident, as well as United States law enforcement to assist in conducting an investigation.

"NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual (the United Kingdom lawyer)". An update to the app was published Monday, and the company is encouraging users to upgrade out of an abundance of caution. If you have not already done so, you can download the update to WhatsApp from the Play Store.
