Alert | Cyber surveillance attack on Whatsapp

Hackers were smart enough to remotely install surveillance software on cell phones and other gadgets using a major vulnerability in messaging app WhatsApp, it has been accepted.

WhatsApp owner, which is in hand of Facebook, said the attack aimed a “select number” of users and was coordinated by “an advanced cyber actor”. A fix was mounted on last Friday.
On Monday WhatsApp requested all of its 1.5bn users to update their apps as an additional precaution.
The attack, exposed earlier this month, was first disclosed in the Financial Times.
It embroiled attackers using WhatsApp’s voice calling a function to ring a target’s device. Even if the call was not received, the surveillance software would be installed, and, the FT stated in its report, the call would often be deleted on its own from the device’s call log.
The BBC believes WhatsApp’s security group was the first to detect the bug and shared that info with human rights groups, tabbed security vendors and the US Department of Justice earlier this month.

"The attack has all the indications of the independent company reportedly that works with governments to provide spyware that takes over the activities of mobile phone operating systems,” the company said on Monday in a briefing document note for media persons.
The company also broadcasted an advisory to security specialist team, in which it explained the flaw as: "A buffer overflow vulnerability in WhatsApp VOIP stack permitted remote code execution through specially designed series of SRTCP packets sent to a target phone number.”
The FT stated that the attack was made by Israeli security from NSO Group, a company that has been attributed to in the past as a "cyber arms dealer".
Its flagship software, Pegasus, has the power to collect confidential data from a particular device, including capturing data via microphone and camera and collecting location data.
In a report, the group said: "NSO’s technology is accredited to authorized government agencies for the exclusive purpose of fighting crime and terror.
"The company does not perform the system, and after a meticulous licensing and QA process, intelligence and law enforcement decide how to use technology to support their public safety goals. We examine any credible allegations of misuse and if required, we take action, including closing down the system.

"Under any situation, NSO would not be muddled in the operating or identifying the targets of its technology, which is completely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to focus any person or the organization, including this individual.”
WhatsApp said it was the initial stage to know how many users had been afflicted by the vulnerability, although suspicious attacks were highly-targeted.
According to Facebook’s latest stats, WhatsApp has around 1.5bn users across the world.

For a visual video, you can go through the link on "Times of India" below :
Be Safe and Be Happy

Post a Comment