The phones of users of online messaging app WhatsaApp were exposed to targeted spyware which could be installed on phones through voice calls because of cyber security breach, admitted the company on Monday. Both the iPhone and Android devices are affected by this breach. It is being alleged that irrespective of whether or not an infected call is answered by the user, the malicious code, which is claimed to have originated from Israel's NSO Group, is transmitted into the phones.
Last year, a number of major security breaches have troubled Facebook, the owner of WhatsApp. This time however the situation is different because of the involvement of a private company that owes allegiance to government. WhatsApp has always boasted of its end-to-end encryption for both messaging and voice calls. In many countries of the world, this high level of security has made it a messaging app of choice for government and security officials.
According to a statement from WhatsApp published in the Financial Times, "the attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society."
The security breach was discovered earlier this week and the engineers at WhatsApp are working hard to plug the security loophole. A fix to servers on Friday and to customers on Monday was deployed by the company. According to the report in the Financial Times, a WhatsApp spokesperson said "a number in the dozens would not be inaccurate" in terms of impacted users.
According to experts, the loophole used for implanting malicious software into a phone is known as a buffer overflow weakness which allows hackers to insert the code into a phone through data packets that are delivered to the targeted phone at the beginning of an online call. There is an overflow of WhatsApp's internal buffer after the data is received. That overwrites other parts of the app's memory and the application gain complete control over the device.
"A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15," said a statement from Facebook.
In a statement published on Monday, the Amnesty International said that it was "supporting legal action to take the Israeli Ministry of Defence (MoD) to court, to demand that it revokes the export license of NSO Group, an Israeli company whose spyware products have been used in chilling attacks on human rights defenders around the world. In a petition to be filed tomorrow at the District Court of Tel Aviv, approximately 30 members and supporters of Amnesty International Israel and others from the human rights community set out how the MoD has put human rights at risk by allowing NSO to continue exporting its products."
Amnesty's Danna Ingleton said that those governments that are well known for gross violation of human rights are sold there products by he NSO Group. This grants tools to such governments that enable them to track activists and critics," she said.
WhatsApp has advised its nearly 1.5 billion users spread globally that they should be upgrading the application to the latest version to the latest version in addition to keeping their mobile operating system up to date in order to safeguard against possible targeted exploits that are geared to steal information that is stored on the mobile devices.
(Source:www.forbes.com)
Last year, a number of major security breaches have troubled Facebook, the owner of WhatsApp. This time however the situation is different because of the involvement of a private company that owes allegiance to government. WhatsApp has always boasted of its end-to-end encryption for both messaging and voice calls. In many countries of the world, this high level of security has made it a messaging app of choice for government and security officials.
According to a statement from WhatsApp published in the Financial Times, "the attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society."
The security breach was discovered earlier this week and the engineers at WhatsApp are working hard to plug the security loophole. A fix to servers on Friday and to customers on Monday was deployed by the company. According to the report in the Financial Times, a WhatsApp spokesperson said "a number in the dozens would not be inaccurate" in terms of impacted users.
According to experts, the loophole used for implanting malicious software into a phone is known as a buffer overflow weakness which allows hackers to insert the code into a phone through data packets that are delivered to the targeted phone at the beginning of an online call. There is an overflow of WhatsApp's internal buffer after the data is received. That overwrites other parts of the app's memory and the application gain complete control over the device.
"A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15," said a statement from Facebook.
In a statement published on Monday, the Amnesty International said that it was "supporting legal action to take the Israeli Ministry of Defence (MoD) to court, to demand that it revokes the export license of NSO Group, an Israeli company whose spyware products have been used in chilling attacks on human rights defenders around the world. In a petition to be filed tomorrow at the District Court of Tel Aviv, approximately 30 members and supporters of Amnesty International Israel and others from the human rights community set out how the MoD has put human rights at risk by allowing NSO to continue exporting its products."
Amnesty's Danna Ingleton said that those governments that are well known for gross violation of human rights are sold there products by he NSO Group. This grants tools to such governments that enable them to track activists and critics," she said.
WhatsApp has advised its nearly 1.5 billion users spread globally that they should be upgrading the application to the latest version to the latest version in addition to keeping their mobile operating system up to date in order to safeguard against possible targeted exploits that are geared to steal information that is stored on the mobile devices.
(Source:www.forbes.com)
Homepage
Send to a friend
Printable version
Share
