WhatsApp, Facebook-owned instant messaging app, has been attacked by spyware using a vulnerability in the app. The commercial spyware has been used for surveillance and it can be used to run malicious code that pores over encrypted chats, eavesdrops on calls, turns on the microphone and camera, accesses photos, contacts, and other information, reported by the Financial Times.
Miscreants were first spotted in early May and hinted that the Facebook-owned app suffers from a classic buffer overflow weakness. Voice call function has been used for injecting the spyware in both iPhones and Android phones by ringing up targets. After that, call logs can be altered to hide the method of infection.
How did they use Voice calls?
To pull off this invasion, the hacker has cautiously spoofed packets of data that were sent to the target phone during the process of starting a voice call. When the packets were received by the targeted phone, an internal buffer within WhatsApp is forced to brim over, overwriting other parts of the app's memory and leading to the snoop hijacking of WhatsApp.
One of the strange things in the attack is that it can also be injected to your phone even if you don't receive the voice call, as we mentioned above, voice call starting packets are morphed.
The company behind this attack
It's believed that the spyware is developed by Israeli company NSO Group, recently valued at $1bn, which sells a highly capable spyware package. NSO's flagship product is 'Pegasus', which can alter your phone's camera, microphone, and can collect other information as well. NSO touts its Pegasus as the product for governments of the middle eastern country to fight against terrorism and crime.
WhatsApp raced to patch
As the attack was spotted, engineers at Facebook rushed to launch a patch to overcome security flaws. They launched a patch named CVE-2019-3568, and freshly secured versions of WhatsApp were pushed out to users on Monday.
So, if your phone offers you an update for WhatsApp, do it or check it manually by reaching App Store or Play Store. WhatsApp is too early into its own investigations of the vulnerability to estimate how many phones were targeted using this method.
In an advisory on Monday, Facebook said, "The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15."
Who has been targeted?
WhatsApp said that it was too early to say about how many users have been targeted by the vulnerability, but they speculated that attacks were highly-targeted. As per the company's stats, the Facebook-owned chat app has around 1.5bn users worldwide.
Amnesty International, which said it had been targeted by tools created by the NSO Group in the past, said this attack was one human right group had long feared was possible.