WhatsApp today disclosed a vulnerability that allowed hackers to remotely install spyware on iOS and Android phones by exploiting a bug in the audio call feature of the app.
The vulnerability let spyware be installed on a target device when a call was initiated regardless of whether the call was answered, according to TechCrunch.
Hackers took advantage of this security flaw to install Israeli spyware called Pegasus from NSO Group, normally licensed to governments that purchase the spyware to install on the devices of individuals who are the target of an investigation.
Description: A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.
Affected Versions: The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
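For anyone checking a fleet of devices against the version list above, here is an added example (not part of the original article or of WhatsApp's advisory) that compares installed versions numerically, since a plain string comparison would wrongly rank 2.19.51 above 2.19.134. The function names, inventory format and sample devices are assumptions made for illustration.

```python
import re

# First fixed release per product and platform, as listed in the advisory text.
FIXED = {
    ("whatsapp", "android"): "2.19.134",
    ("whatsapp business", "android"): "2.19.44",
    ("whatsapp", "ios"): "2.19.51",
    ("whatsapp business", "ios"): "2.19.51",
    ("whatsapp", "windows phone"): "2.18.348",
    ("whatsapp", "tizen"): "2.18.15",
}

def parse_version(text):
    """Turn 'v2.19.134' into (2, 19, 134) so each component compares as a number."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_affected(product, platform, installed):
    """True if installed is prior to the fixed release, None if the product is not listed."""
    fixed = FIXED.get((product.lower(), platform.lower()))
    if fixed is None:
        return None
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))  # pad so that 2.19 compares equal to 2.19.0
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def audit(inventory):
    """Return (device, status) for rows that are affected or could not be judged."""
    findings = []
    for row in inventory:
        try:
            status = is_affected(row["product"], row["platform"], row["version"])
        except ValueError:
            status = None
        if status is not False:
            findings.append((row["device"], "affected" if status else "unknown"))
    return findings

# Constructed sample inventory: device names and versions are made up.
SAMPLE = [
    {"device": "dev-01", "product": "WhatsApp", "platform": "Android", "version": "2.19.51"},
    {"device": "dev-02", "product": "WhatsApp", "platform": "iOS", "version": "2.19.51"},
    {"device": "dev-03", "product": "WhatsApp Business", "platform": "Android", "version": "v2.19.44"},
    {"device": "dev-04", "product": "WhatsApp", "platform": "Tizen", "version": "2.18.9"},
    {"device": "dev-05", "product": "WhatsApp", "platform": "Android", "version": "unknown"},
]

if __name__ == "__main__":
    for device, status in audit(SAMPLE):
        print(device, status)
```

Rows with an unreadable version or an unlisted product are reported as unknown rather than silently passed, so they can be checked by hand.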
WhatsApp says that it believes a small number of users were targeted, because it’s “nontrivial to deploy, limiting it to advanced and highly motivated actors.” It’s not clear, though, how long the security flaw was available nor how many people were affected.
According to WhatsApp, once the vulnerability was discovered, it took less than 10 days to make changes to the app’s infrastructure to make the attack inoperable.
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” the company said in a statement to TechCrunch.
WhatsApp says that it has notified the Department of Justice and a “number of human rights organizations” about the issue. NSO Group, according to The Financial Times, says it is investigating the issue, and that while it vets its customers and investigates abuse, it has no involvement with how the code is used or where.
WhatsApp customers do not need to worry further about the exploit, as the issue was addressed server side on Friday, with an additional patch released today.