What Users will Do? WhatsApp Get Hacked - Install Spyware and Affected the Mobiles !
WHAT USERS WILL DO ? WHATS APP GET HACKED - INSTALL SPYWARE AND AFFECTED THE MOBILES !
Hackers get used a Security bug inside WhatsApp and install spyware through an affectes the phones WhatsApp voice call and Apple & Android users are affected.
A critical remote code execution vulnerability in WhatsApp allows hackers to deploy spyware remotely on the vulnerable devices. This month an vulnerability discovery inthe WhatsApp and it can tracked as CVE-2019-3568. The vulnerability resides in "WhatsApp VOIP stack allowed remote code execution vai specially crafted series of SRTCP packets sent to a target phone number".
It affects the following versions that include Android before v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
Vulnerabiliy it can be exploited by making a WhatsApp call to the vulnerable iPhone or Android devices and infect the call wheater the recipient answered the call or not. Also, the logs of the incoming call were often erased.
The spyware in question was developed by Israeli cyber intelligence company NSO Group, according to Financial Times and the vulnerability was used to attack the phone of an UK-based attorney on 12 May.
The FT, citing the unnamed spyware technology dealer, said the actor was NSO Group, which was recently valued at $1 billion in a leveraged buyout that involved the UK private equity fund Novalpina Capital. NSO Group is the maker of Pegasus, an advanced app that jailbreaks or roots the infected mobile device so that the spyware can trawl through private messages, activate the microphone and camera, and collect all kinds of other sensitive information.
The WhatsApp representative told Ars that a “‘select number of users were targeted through this vulnerability by an advanced cyber actor. The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.” The representative didn’t identify NSO Group by name.
“Selected number of users were targeted through this vulnerability by an advanced cyber actor. The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.” WhatsApp spokesperson told Ars.
“Whoever at the company was in charge of monitoring their exploits was not doing a very good job,” Scott-Railton said. Failing to know ahead of time that the exploit had been fixed “suggests the group that is a commercial spyware company, was not doing a good job.”
Scott-Railton declined to name the UK lawyer but said he has represented Mexican journalists, government critics, and a Saudi dissident living in Canada in lawsuits against NSO Group. The legal actions allege NSO shares liability for any abuse of its software by customers.
In recent months, Scott-Railton said, NSO Group has said its spyware is only used against legitimate targets of law-enforcement groups. “If indeed this is NSO, the company in this case is clearly being used in a way that’s extremely reckless,” he said. “This [lawyer] is not anyone’s definition of a legitimate target.”
Whatsapp said the vulnerability was fixed on Friday and the patch released for end users on Monday, Whatsapp urges users to upgrade with the latest version to avoid infection.
The number of users impacted with this vulnerability remains unknown, according to the company only a small number of users were targeted.
WhatsApp messenger owned by Facebook allows users to send text messages, voice calls, as well as video calls, images, and other media, documents, and to share the user location. Whatsapp is one of the world’s leading app used by 1.5 billion users worldwide.
What is SRTP ?
SRTP (Secure Real-Time Transport Protocol or Secure RTP) is an extension to RTP (Real-Time Transport Protocol) that incorporates enhanced security features. Like RTP, it is intended particularly for VoIP (Voice over IP) communications.
SRTP was conceived and developed by communications experts from Cisco and Ericsson and was formally published in March 2004 by the Internet Engineering Task Force ( IETF ) as Request for Comments (RFC) 3711. SRTP uses encryptionand authentication to minimize the risk of denial of service( DoS ) attacks. SRTP can achieve high throughput in diverse communications environments that include both hard-wired and wireless devices. Provisions are included that allow for future improvements and extensions.
What is the threat ?
Israeli hackers from a company called the NSO Group developed the spyware specifically so they could get into people’s devices.
The threat consists of spyware capable of activating a device’s camera and microphone that also provides hackers with access to call logs, texts and other personal data inside WhatsApp.
The company sells the spyware system to clients, who include national intelligence and security agencies.
What platforms are affected ?
Android, Windows, Tizen and iOS devices are all vulnerable to this attack against WhatsApp.
How does it spread ?
The spyware is installed using an infected WhatsApp voice call.
You don’t have to accept the call and you may see no record of the call attempt ever being made, according to The Financial Times.
What has happened?
A vulnerability in the popular Facebook-owned messaging service has been discovered that allowed hackers to install spyware through an infected WhatsApp voice call.
The spyware is capable of trawling through calls, texts and other data, activating the phone’s camera and microphone and performing other malicious activities.
Who is being attacked ?
The attack seems to be aimed at human rights activists.
In this particular case, the existence of the bug was exposed when a UK-based human rights lawyer received a dropped call that made them suspicious enough to look into what was going on.
WhatsApp has said that the complexity of the attack means it will only have been used against a small number of people.
Given that WhatsApp appears to be used almost everywhere in public life, it’s no great surprise that hackers want to break into WhatsApp chats.
If you don’t use WhatsApp on your iPhone then you will not have been attacked, but if you are working in a sensitive industry then you should update the app immediately.
Has it affected me ?
The number of people spied on is not yet known. A few targets, including a UK-based human rights lawyer and an Amnesty International researcher, have been identified.
If you haven’t received any WhatsApp voice calls or dropped calls from unknown parties then you have probably not been targeted. But if you happen to be a lawyer or work in sensitive industries and use WhatsApp, even for personal correspondence, you should be especially vigilant.
How does the update help ?
Once Facebook-owned WhatsApp heard of the existence of the vulnerability, it took steps to boost server-side protection against the bug and also published software updates for all impacted devices.
WhatsApp says it took ten days to deliver the update once the threat was identified.
You should be able to find the update on the relevant App Store. Alternatively, you can uninstall the software, though you’ll lose all your archives.
I thought Apple security was secure ?
Apple’s platforms are secure by design, but not every app you install is quite as secure. Apple continues to try to provide users with better control over what features can be accessed by individual apps in each release of iOS.
In the case of WhatsApp you can enable or disable access to things like your iPhone’s microphone or camera in Settings>WhatsApp, but we cannot yet be certain this hack will then be unable to access those items, pending a response from Apple.
Who are the NSO Group ?
The NSO Group is an Israeli company that has boasted about its ability to hack into iPhones in the past.
The company sells software called Pegasus that has historically been used against human rights activists.The company claims to sell these hacks only as tools to fight against crime and terror and says it maintains a strict vetting process before making them available to its intelligence and law enforcement clients.
What's WhatsApp is saying ?
What’sApp says the attack was sufficiently sophisticated it appears likely to have come from a “private company working with governments on surveillance”.
In a statement provided to Reuters, the company said:
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices".
1 comment