WhatApp has a buffer overflow flaw that can be exploited by remote attackers to install spyware in targeted device by simple WhatsApp call. You even need not to answer the call. It can be hacked by simply a WhatsApp missed call.
WhatsApp is a freeware popular messaging app owned by Facebook. It allows sending of text messages and voice calls, as well as video calls, images and other media, documents, and user location. It supports end-to-end encryption. It is cross platform messaging app, means you can use this messaging app in various platforms including Android, iPhone, Windows smartphone, Windows PCs and Mac. According to Wikipedia by February 2018 WhatsApp had over one and a half billion users worldwide.
WhatsApp had a zero-day flaw, which is now fixed by Facebook that can be exploited to deploy spyware on phones by calling targeted device. And it is said that the incoming calls have disappeared from logs. This vulnerability can be tracked as CVE-2019-3568. It is a buffer overflow vulnerability in WhatsApp VOIP function. As per zdnet’s report published on 14 May attacker need to call the target device and send rigged Secure Real-time Transport Protocol (SRTP) packet to the phone. It would allow the attackers to use the memory flaw in WhatsApp’s VOIP function to inject spyware and attackers would be able to control the device remotely.
Versions Affected: – The vulnerability affects the following versions that include WhatsApp for Android before v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
Spyware Details: – The Financial Times reports that the spyware in question was developed by Israeli Cyber Intelligence Company NSO group. NSO Group is accused of selling spyware to government agencies to spy on human rights group, activists, lawyers and journalists. Do you know anything about Pegasus and Chrysaor? These are spyware tool developed by this NSO group for iOS and android respectively. The spyware can record your WhatsApp conversations, steal your private messages, steal your photos, collect location data. The spyware in question can turn your phone’s mic and camera remotely.
Who are the target: – Facebook has not revealed the identity of the entity exploiting this vulnerability, but described the entity as an ‘advanced cyber actor’. The targeted group were selected, very low number of people are targeted. On 12 May an unnamed lawyer from United Kingdom was affected. We still don’t know how many users are affected, Facebook says only a small number of users are affected.
Patch: – Facebook fixed the vulnerability on Friday, 10th May and the patch was released for the end users on Monday 13th May. WhatsApp suggests it’s users to upgrade to the latest version as soon as possible to avoid any infection. Facebook has already informed the US Justice Department about the issue.
Some Comments Regarding This Hack..
Facebook also says that “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human-rights organizations to share the information we can, and to work with them to notify civil society.”
NSO Says “NSO would not, or could not, use its technology in its own right to target any person or organization, including this individual”
Tips to stay secure: –
- Update your WhatsApp to latest version as soon as possible to avoid any infection. And you should do the same in future also.
- Don’t open any suspicious links or attachments, attackers may send malicious links of files via WhatsApp, that can load payloads remotely, and your phone can be hacked.
- Install apps form authenticate sites only.
- Update your Mobile Operating system also can help you
- Use different password for every app you use daily
- If your apps supports 2 Factor Authentication, then use it. There is no excuse not to use it.
And lastly any app can contain vulnerability and can be hacked. There is no app, which you can claim 100% secure.