A critical zero-day vulnerability which allows cyber criminals to remotely install surveillance malware on Android, iOS and Windows devices by simply calling the targeted device via WhatsApp audio call has been discovered, reports the Financial Times.
Known as Pegasus spyware, the malware was made by the Israeli company called NSO Group which is known for producing the most advanced mobile spyware on earth.
Identified as CVE-2019-3568, the vulnerability allow hackers to exploit it by installing the Pegasus spyware on targeted Android and iOS devices by merely placing a WhatsApp call. The most scary part of it is that the malware installs itself even if the call is not answered.
Still, the victim won't be able to find out about the intrusion as the spyware erases the logs about the incoming call.
Also Read: Man Ends Relationship After Facebooks 10 Year Challenge Exposes fiancée Who Bleached Her Skin
WhatsApp parent company Facebook also published an advisory, stating the versions of WhatsApp affected by the vulnerability in WhatsApp's VOIP.
"A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafter series of SRTCP packets sent to a targeted phone number," the description of the vulnerability read in the Facebook post.
"The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15," Facebook said.
From the above, the vulnerability affects all the versions of WhatsApp except the latest which means the 1.5 billion people using WhatsApp until yesterday when Facebook rolled out the patch are all affected the vulnerability.
The Israeli spyware grants hackers access to a huge amount of data from the victims phone remotely such as text messages, WhatsApp mesages, contact details, call records, location, microphone, camera, emails, etc, without the owners consent.
Citizen lab, a watchdog group at the University of Toronto which has been investigating NSO Group's activities, believes that the vulnerability was used ton attack a UK-based human rights lawyer as at last Sunday, 12 May, 2019.
The exact number of targted WhatsApp users isn't yet known, though WhatsApp engineers confirmed that only a few "select number" of users that were targeted by the NSO Group spyware.WhatsApp has just pushed out updates to close a vulnerability. We believe an attacker tried (and was blocked by WhatsApp) to exploit it as recently as yesterday to target a human rights lawyer. Now is a great time to update your WhatsApp software https://t.co/pJvjFMy2aw https://t.co/e8VQUraZWQ— Citizen Lab (@citizenlab) May 13, 2019
For now, the Facebook owned social networking company is urging Android and iOS users to update their messaging app to the latest version which has the patch.
Recently we hear that so many whatsapp accounts are hacked. Many businesses share and discuss business meeting through Whatsapp. As per my experience i dont think so Whatsapp is best way of business communication. Instead of any app, we need to use Business phone number.
ReplyDelete