WhatsApp confirms vulnerability in its app after report of spyware attack

WhatsApp vulnerability allowed hackersย to snoop on usersโ€™ calls and messages via spyware

Facebook-owned WhatsApp recently confirmed vulnerability in its app that allowed attackers to install malicious spyware that could have been used for surveillance on phone calls made over the app without usersโ€™ knowledge.

The vulnerability, which was first reported by The Financial Times, has named Israelโ€™s cyber surveillance company, NSO Group that sells to security companies and governments to fight terrorism, behind the spyware.

According to WhatsApp, the spyware allowed attackers to inject the surveillance software on to both iPhones and Android devicesย using a single WhatsApp call. In other words, the code developed by NSO could be transmitted even if users did not answer their WhatsApp call. Additionally, the call made in many cases often disappeared from the WhatsApp call logs altogether leaving no room for suspicion for the user. Further, once the spyware is installed, itย will be able toย turn on the target phoneโ€™s camera and microphone as well as scan emails and messages and collect the userโ€™s location data.

When questioned about the Financial Times report, NSO in a statement said its technology โ€œis licensed to authorized government agencies for the sole purpose of fighting crime and terror. The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions.โ€

The company also mentioned that it does not use the hacking tools itself. “We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system. Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.โ€

After learning about the vulnerability, WhatsApp fixed the flaw and issued a patch for customers on Monday urging its users to update the app.

โ€œWhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,โ€ a spokesperson said in a statement. โ€œWe are constantly working alongside industry partners to provide the latest security enhancements to help protect our users.โ€

The vulnerability seems to affect Android prior to version 2.19.134 and WhatsApp Business for Android prior to version 2.19.44. In case of iOS devices, WhatsApp prior to version 2.19.51 and WhatsApp Business prior to version 2.19.51 seems to have been affected.

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!

Read More

Suggested Post