An Israeli security firm has developed a way in which a hacker can infect a device with spyware by simply calling it via WhatsApp. Even if the call was not answered the spyware would be installed, and additionally the log of the call would be deleted - meaning that the target user would have no knowledge of anything taking place. Once installed, the spyware would be able to examine calls, messages, and other data, as well as gain access to the camera and microphone.
The UK National Cyber Security Centre has published advice in the wake of the announcement, and the Financial Times has published an in-depth article (subscription required).
The company also released an advisory note to security specialists which described the attack as a "buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number."
So far we do not know how many people may have been affected, although it has been revealed that a human right lawyer and Amnesty International worker were both targeted. It would appear that only people who work in sensitive industries have been affected, although very little has been revealed so far.
WhatsApp released the patch for the vulnerability on Friday, and have urged users to upgrade their app to the latest version. The latest version of WhatsApp on Android is currently 2.19.137 and the latest version for iOS is 2.19.51. If you need help with updating the app then check out this guide. The notes which accompany the latest update make no mention of the vulnerability, which has drawn criticism.
Very little is known about the firm behind the attack, NSO Group. They are based in Israel but are part-owned by a London private equity firm, Novalpina Capital. They claim to specialise in tools to combat cyber crime and terrorism, but they have also been described as a 'cyber arms dealer'.
According to the FT, the firm says that their software "is intended for governments to combat terrorism, track drug cartels and foil child kidnappings. But journalists from Mexico to Saudi Arabia say the $1bn company’s knowhow also helped regimes to spy on dissidents."
The UK National Cyber Security Centre has published advice in the wake of the announcement, and the Financial Times has published an in-depth article (subscription required).
Tweet
— Twitter API (@user) date
The company also released an advisory note to security specialists which described the attack as a "buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number."
So far we do not know how many people may have been affected, although it has been revealed that a human right lawyer and Amnesty International worker were both targeted. It would appear that only people who work in sensitive industries have been affected, although very little has been revealed so far.
WhatsApp released the patch for the vulnerability on Friday, and have urged users to upgrade their app to the latest version. The latest version of WhatsApp on Android is currently 2.19.137 and the latest version for iOS is 2.19.51. If you need help with updating the app then check out this guide. The notes which accompany the latest update make no mention of the vulnerability, which has drawn criticism.
Very little is known about the firm behind the attack, NSO Group. They are based in Israel but are part-owned by a London private equity firm, Novalpina Capital. They claim to specialise in tools to combat cyber crime and terrorism, but they have also been described as a 'cyber arms dealer'.
According to the FT, the firm says that their software "is intended for governments to combat terrorism, track drug cartels and foil child kidnappings. But journalists from Mexico to Saudi Arabia say the $1bn company’s knowhow also helped regimes to spy on dissidents."
Tweet
— Twitter API (@user) date