Posted on
May 15, 2019 at
3:35 AM

Whatsapp is urging its users to upgrade their app as soon as possible due to a critical vulnerability found in their app. The vulnerability allows any threat actor to simply call a Whatsapp user and this will allow them to install on the target phone. The target does not need to even answer the call so the vulnerability can be accessed at any time that the malicious actor wishes.

The , that is now owned by Facebook, stated that an advanced threat actor was spreading the malware, having already infected multiple mobile phones using the major vulnerability that was discovered. The spyware in question was developed by an Isreali spyware called NSO Group and gives the attacker full remote access to the ’s phone. This includes such powers as being able to read all messages, see contacts and activate the camera on the phone call without having to go through Whatsapp once the malware has been installed.

Authorities have been informed

Whatsapp said on Tuesday that it had already informed the
authorities of the vulnerability. The authorities mentioned by name were the US
Department of Justice and Ireland’s Protection Commission which is the
main regulator for Whatsapp in the EU. Both were made of aware of a
“serious vulnerability on the Whatsapp platform.

The uses the voice call functionality in Whatsapp to
ring the victim’s device. This allows the malware to be installed without the
victim having to open the call at all. It could be done when the phone is out
of reach and the victim would never have a chance to protect themselves in any
way.

England’s National Cyber Security Centre, the
arm of British Intelligence Services, has sent out a warning to Whatsapp users
to immediately update the on their phones. The spy agency was quoted
as saying that it was “important to apply these updates quickly, to make
it as hard as possible for attackers to get in.”

NSO denies any wrongdoing

In a quirky twist of fate, the NSO Group has denied that it
is responsible for these attacks saying that they “would not, or could
not” use the technology made within their walls to go after |any person or
organization”. It was a finely worded response by a company that is
heavily suspected of selling malware to various intelligence agencies and
nation state-backed hacking groups. While it could be that the company has
never used the software itself, that does not absolve it of the issues that
have come to light recently.

The company further stated that it vets all of its customers
very carefully and investigates any claims of abuse of its software with all
seriousness. However, the company has recently been in the press for its
software being found on the phone of internationally celebrated Saudi
journalist Jamal Khashoggi.

Security researchers are calling this hack one of the worst
they have seen in a long time. The fact that there is nothing that a user could
possibly do to protect themselves from this is something that should not have
ever been allowed to happen. However, as soon as Whatsapp found out about the
vulnerability, they reached out to various groups such as Citizen Lab and other
human rights groups and immediately fixed the issue and pushed out a patch.

A spokesperson for the Electronic Frontier Foundation said that
the Isreali company has boasted of having no-click install capabilities for
some time now, and this latest news has shed light onto how they managed to
gain this capability.

Amnesty International said last year already that they had
been targetted by software from the company, and the most recent was a
researcher who was hacked using this vulnerability. With Whatsapp fixing the
loophole and reporting it to the authorities, Amnesty International is now
petitioning the Isreali government to revoke the malware providers export
permit.

Summary

Terrible Trouble For Whatsapp Users: Company Urges Immediate Upgrade  - wAAACwAAAAAAQABAEACAkQBADs  - Terrible Trouble For Whatsapp Users: Company Urges Immediate Upgrade

Article Name

Terrible Trouble For Whatsapp Users: Company Urges Immediate Upgrade

Description

WhatsApp is urging its users to upgrade their app as soon as possible due to a critical vulnerability found in their app. The vulnerability allows any threat actor to simply call a Whatsapp user and this will allow them to install malware on the target phone.

Author


Ali Raza

Publisher Name


Koddos

Publisher Logo



Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here