WhatsApp Was Hacked: Here's How You Can Protect Your Phone Information

Remigio Civitarese
Mag 15, 2019

Engineers worked around the clock from Friday to Monday to develop a fix for the security loophole discovered earlier this month.

By using NSO's Pegasus malware, cyber hackers were able to discover WhatsApp's users' location, and they were able to record their phone calls and text messages.

According to information on its security page, "a buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number".

WhatsApp has around 1.5 billion users around the world.

The details of this vulnerability surfaced in a report from The Financial Times.

Traditionally, it's only sold to government/state intelligence agencies, but in this particular instance, the spyware was used on 12 May to attack a United Kingdom attorney'a phone, who happened to be involved in a lawsuit against NSO Group.

"The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems", the company said Monday.

WhatsApp has briefed human rights organisations on the matter, but did not identify them.

Asked about the report, NSO said its technology is licensed to authorised government agencies "for the sole goal of fighting crime and terror", and that it does not operate the system itself.

Who's behind it? Its development is likely to have been directed by a government, and the suspected attacks were targeted to specific individuals, WhatsApp said.

"NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual (the United Kingdom lawyer)".

Amnesty International, an international human rights watchdog, claims one of its staffers was targeted with the Israeli-made spyware past year.

Human rights advocates and journalists, including the Saudi journalist Jamal Khashoggi, who was killed in October past year, have been targeted using the malware, according to experts.

Encrypted messaging apps should never be considered secure, experts have warned, after a flaw in WhatsApp allowed attackers to spy on activists.

Apart from rolling out app updates to patch the exploit, WhatsApp also made changes to its infrastructure to ensure the attack could not be carried out. On an Android device, open the Play Store, tap on the three lines in the upper left corner, choose "My apps & games" from the menu, hit "WhatsApp", and click Update.

Altre relazioniGrafFiotech

Discuti questo articolo

Segui i nostri GIORNALE