What’s up, WhatsApp?
Messaging service can act as gateway to turn phones into bugging devices
Although this popular messaging service, owned and operated by Facebook, is promoted as a secure messaging service, since all messages are encrypted on their journey between users (‘end-to-end encryption’), it turns out that what it says on the tin may not be entirely correct.
Admitting that there is a major vulnerability which has been exploited by “an advanced cyber-actor”, WhatsApp has strongly recommended that its 1.5 billion users upgrade to the latest version of the software, which allegedly fixes the bug allowing the malware to have its wicked way, though only a “select number” of WhatsApp users have been targeted.
In this instance, the loophole was a buffer overflow in the VOIP stack used by WhatsApp, meaning that data masquerading as the sound in a voice call can be received and stored in the wrong area of the phone’s memory. This ‘voice data’ may in fact be a piece of malicious software. Without going into detail, the upshot of this is that a specially tailored WhatsApp call, even if that call is not answered, can plant the spyware in the victim’s phone.
According to sources, an Israeli company, described as “one of the world’s most invasive software weapon distributors”, developed the malware, which is available commercially, with a price tag of under $1 million per deployment. NSO Group’s Pegasus, having once lodged itself in a victim’s phone, allows a remote site to access data on that phone. The data that may be accessed in this way includes text messages, photos, and location, in addition to the WhatsApp messages, as well as cameras and microphones.
The spyware has been used to target human rights activists, including a staffer of Amnesty International, and journalists in the Middle East and elsewhere. The University of Toronto’s Citizen Lab reports that there are 45 countries in which Pegasus has been reported, and six operators of the malware (out of the 36 total operators) have been linked to countries with a history of abusing spyware to target civil society.
Even though statistically your phone is unlikely to have been infected with the spyware, this latest security news should act as a wake-up call to keep your apps and operating systems up to date, not only on your phone and on your mobile devices, but on your computers, and all IT equipment such as switches and routers.
First Response’s Security Operations Centre can provide monitoring, and a response to malware infection, and our Incident Response capabilities allow us to identify attack sources and vectors, and help you remediate and protect against future attacks, but ultimately prevention is better than cure.
Please call First Response if you would like our assistance in guarding against cyberattacks, and improving your organisation’s response should such an attack occur.
“The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15” (Facebook)