WhatsApp discovers 'targeted' surveillance attack


The AchieVer

[Image: WhatsApp logo. Image copyright: Getty Images. Caption: WhatsApp has 1.5bn users, but it believed the attacks were highly-targeted]

Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed.

 

WhatsApp, which is owned by Facebook, said the attack targeted a "select number" of users, and was orchestrated by "an advanced cyber actor". 

 

A fix was rolled out on Friday. 

 

The attack was developed by Israeli security firm NSO Group, according to a report in the Financial Times.

 

On Monday WhatsApp urged all of its 1.5bn users to update their apps as an added precaution. 

 

The attack was first discovered earlier this month. 

How was the security flaw used?

It involved attackers using WhatsApp's voice calling function to ring a target's device. Even if the call was not picked up, the surveillance software would be installed, and, the FT reported, the call would often disappear from the device's call log. 

 

WhatsApp told the BBC its security team was the first to identify the flaw, and shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month. 

 

"The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said on Monday in a briefing document note for journalists. 

 

The firm also published an advisory to security specialists, in which it described the flaw as: "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number."

 

Who is behind the software?

The NSO Group is an Israeli company that has been referred to in the past as a "cyber arms dealer". 

 

Its flagship software, Pegasus, has the ability to collect intimate data from a target device, including capturing data through the microphone and camera, and gathering location data. 

 

In a statement, the group said: "NSO's technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror. 

 

"The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system. 

 

"Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organisation."

Who has been targeted?

WhatsApp said it was too early to know how many users had been affected by the vulnerability, although it added that suspected attacks were highly-targeted. 

 

According to Facebook's latest figures, WhatsApp has around 1.5bn users worldwide. 

 

Amnesty International, which said it had been targeted by tools created by the NSO Group in the past, said this attack was one human rights groups had long feared was possible.

 

"They're able to infect your phone without you actually taking an action," said Danna Ingleton, deputy programme director for Amnesty Tech. She said there was mounting evidence that the tools were being used by regimes to keep prominent activists and journalists under surveillance.

 

"There needs to be some accountability for this, it can't just continue to be a wild west, secretive industry."

 

On Tuesday, a Tel Aviv court will hear a petition led by Amnesty International that calls for Israel's Ministry of Defence to revoke the NSO Group's licence to export its products.

Source

The AchieVer

Update WhatsApp now: Bug lets snoopers put spyware on your phone with just a call

WhatsApp patches a flaw that has been used to install spyware on Android and iPhone devices.


WhatsApp has disclosed a serious vulnerability in the messaging app that gives snoops a way to remotely inject Israeli spyware on iPhone and Android devices simply by calling the target.   

 

The bug, detailed in a Monday Facebook advisory for CVE-2019-3568, is a buffer overflow vulnerability within WhatsApp's VOIP function.  

 

An attacker would need to call a target and send rigged Secure Real-time Transport Protocol (SRTP) packets to the phone, allowing them to use the memory flaw in WhatsApp's VOIP function to inject the spyware and control the device.  

 

The target wouldn't even need to answer the call for the spyware to be injected, and the calls often disappear from call logs.  

 

The Financial Times, which broke the story, reports the spyware is from the Israeli company NSO Group, which has been accused of selling its spyware to governments with dubious human-rights records.  

 

NSO Group's flagship product is Pegasus, a so-called 'lawful intercept' tool, which researchers at the University of Toronto's Citizen Lab recently found is deployed in 45 countries.  

 

The widespread deployment suggested it is not only being used to combat local crime and terrorism, but also for cross-border surveillance, for example, by governments seeking information from political dissidents living in other countries.  

 

The malware can record conversations, steal private messages, exfiltrate photos, turn on a phone's mic and camera, and collect location data. 

 

Last year a Citizen Lab investigation found that colleagues of a slain Mexican journalist were also targeted with Pegasus.  

 

WhatsApp engineers on Sunday were reportedly racing to address the vulnerability as it was used that day in an attempt to install Pegasus on the phone of a UK-based human-rights lawyer.  

 

WhatsApp deployed a server-side fix on Friday last week and issued a patch for end-users on Monday alongside Facebook's advisory.  

 

The WhatsApp VOIP flaw affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.  

 

According to the Financial Times, the unnamed UK lawyer who was targeted with Pegasus is suing NSO Group in Israel on behalf of a group of Mexican journalists and government critics and a Saudi dissident living in Canada. The suit alleges NSO Group shares liability for its product's misuse by clients.

 

Facebook told the publication: "This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human-rights organizations to share the information we can, and to work with them to notify civil society." 

 

WhatsApp says it has informed the US Justice Department about the issue.  

 

NSO Group distanced itself from the actual attempt to install its spyware on the UK lawyer's phone.  

 

"The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions," NSO said in a statement to CNET.  

 

"We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system. 

 

"Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies." 

 

 

Source
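Added example, not part of the quoted article or of Facebook's advisory: a small Python check that compares an app inventory against the first fixed versions listed above for CVE-2019-3568. Versions are compared numerically, because a plain string comparison would rank 2.19.98 above 2.19.134. The function names, device names and inventory rows are constructed for illustration.

```python
# Added example. (product, platform) -> first fixed version, as listed in the post.
FIXED = {
    ("WhatsApp", "Android"): "2.19.134",
    ("WhatsApp Business", "Android"): "2.19.44",
    ("WhatsApp", "iOS"): "2.19.51",
    ("WhatsApp Business", "iOS"): "2.19.51",
    ("WhatsApp", "Windows Phone"): "2.18.348",
    ("WhatsApp", "Tizen"): "2.18.15",
}

def parse_version(text):
    """Turn 'v2.19.134' into (2, 19, 134); raise ValueError on anything else."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(product, platform, installed):
    """True if installed < first fixed build; None if the pair is not listed."""
    fixed = FIXED.get((product, platform))
    if fixed is None:
        return None
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    # Pad with zeros so '2.18' compares as '2.18.0'.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b

def audit(rows):
    """rows: (device, product, platform, version) tuples -> (device, label) list."""
    findings = []
    for device, product, platform, version in rows:
        try:
            status = is_vulnerable(product, platform, version)
        except ValueError:
            status = None  # unreadable version string: needs manual review
        findings.append((device, {True: "UPDATE", False: "ok", None: "REVIEW"}[status]))
    return findings

# Constructed inventory rows, e.g. as exported from an MDM tool (hypothetical devices).
SAMPLE = [
    ("phone-01", "WhatsApp", "Android", "2.19.98"),
    ("phone-02", "WhatsApp", "Android", "2.19.134"),
    ("phone-03", "WhatsApp Business", "Android", "v2.19.44"),
    ("phone-04", "WhatsApp", "iOS", "2.19.50"),
    ("phone-05", "WhatsApp", "Android", "unknown"),
]
```

Calling `audit(SAMPLE)` labels phone-01 and phone-04 as needing the update and sends the unreadable version on phone-05 to manual review instead of treating it as safe.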



  • Administrator

Quite a big thing. Some media houses are covering this, which does not happen always.

 

While it's understandable that only some specific people might be targeted - meaning most might not be, however, still, it's important to keep things updated I think.


Archived

This topic is now archived and is closed to further replies.
