WhatsApp asks users to update app over Israeli spyware threat

https://static.asianetnews.com/images/authors/bff11d14-81b3-52a9-a94b-86431321f9f4.jpg
First Published 15, May 2019, 4:26 PM IST
audio podcast
WhatsApp asks users to update app over Israeli spyware threat
Highlights

WhatsApp has asked its users to update the app immediately, after it was found that hackers could inject a spy software developed by an Israeli secretive spyware company that could allow them full access to a victim’s phone remotely

WhatsApp users have been asked to update the app immediately after the firm Facebook issued a warning to users. The most popular app, used by 1.5 billion people, has become the target of hackers who are using spyware that would allow them to full access to smartphones remotely.

According to reports, an Israeli firm, NSO group, has been accused of supplying spyware which has been used to hack phones of journalists and human rights activists.

The spyware allows hackers remote access to Android and IPhone devices. Hackers can allegedly steal the data from smartphone by simply placing a WhatsApp call, and could gain access even if the victim didn’t answer.

The bug was discovered when it was used to break into a London lawyer’s phone, who has accused the NSO group of providing hackers with the necessary tools to enable their deeds.

The lawyer said he suspected that something was wrong, when he received video calls from Norwegian numbers. He then contacted Citizen Lab at Monk School of Global Affairs at the University of Toronto, which helped him uncover the truth.

While Citizen Lab was conducting their research, engineers at WhatsApp found an abnormal voice calling activity in the app following which the company alerted the US Justice Department.

A WhatsApp spokesperson said, “The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems. We believe a select number of users were targeted through this vulnerability by an advanced cyber actor.”

On the website the company published details of the incident which stated, “A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.”

NSO, who claims to advertise their products only to government agencies, says it would investigate any credible allegations of misuse. Now, even though the company claims to check on their buyers’ country-based records, they advise on updating the app as well as the phone’s operating system with the latest security patches available to ensure their devices are not vulnerable.

loader