Along came a Whatsapp trojan

All you need to know about the spyware that was injected into the messaging platform.

View in App
Along came a Whatsapp trojan
WhatsApp, an end-to-end encrypted messaging platform owned by Facebook, faced an issue where a sophisticated hacking team found a flaw and injected a spyware to listen to the calls of a few individuals on the platform. WhatsApp discovered the flaw earlier this month and upgraded its infrastructure. It asked users globally to update the app. India is among its largest markets with over 300 million using the messaging app to send texts and make calls.

What happened?
Around 1.5-billion WhatsApp users were affected by a vulnerability that allowed attackers to inject a commercial Israeli spyware into phones. The surveillance software was installed on both iOS and Android devices using the app’s call feature. This gave the hackers complete access to everything on infected mobile devices, including personal information, email, contacts, camera, location and microphone.The spyware could be installed even if the user didn’t pick up the call, and the call logs could have been deleted so people wouldn’t know if they had been impacted. It is believed that only a select group of users were targeted, and the spyware wasn’t pushed out indiscriminately.


What is NSO Group?
NSO Group is the Israel-based cyber intelligence company linked to these attacks. Pegasus, the flagship product of the multi-million-dollar firm, is a piece of malware that gives the attacker complete access to all data stored on a phone through a single click, including GPS location data. Pegasus is believed to be used in over 45 countries worldwide.

Discovery
“We believe an attacker tried (and was blocked by WhatsApp) to exploit it as recently as yesterday (Tuesday) to target a human rights lawyer. Now is a great time to update your WhatsApp software,” CitizenLab, a cyberspace unit of University of Toronto, wrote in a tweet.

Quick fix:
The social messaging app pushed out an update on Monday to all users that fixes this vulnerability. It also issued a security advisory explaining the nature of the bug. “A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number,” the advisory said.
ADVERTISEMENT

What do you do now?
Some experts recommend uninstalling and reinstalling the app without restoring the earlier data if you’re particularly concerned as there’s no clarity as to whether the spyware would get reloaded from the backed up data.

This has raised issues around the app’s much touted end-to-end encryption abilities, with many experts questioning just how safe WhatsApp data really is. It’s also recommended that you keep your operating system up-to-date at all times.

“This isn’t about you being careful with the calls you make or take — it’s about a bug that can be exploited if WhatsApp is running at all. So, the care you need to take is this: update your WhatsApp app now! Even if you think you have automatic updating turned on, go and check,” said Paul Ducklin, senior security advisor, Sophos.

“In theory, this sort of bug is possible in any network-aware app, from email apps and your browser to IM and photo sharing apps — so always remember: PATCH EARLY, PATCH OFTEN. The longer you leave it to install security fixes, the longer you give crooks to attack you once an attack vector is widely known and publicised,” he said.
14

ADVERTISEMENT
Download
The Economic Times Business News App
for Live Elections News & Results, Latest News in Business, Share Market & More.
Download
The Economic Times Business News App
for Live Elections News & Results, Latest News in Business, Share Market & More.
READ MORE
ADVERTISEMENT

READ MORE:

Sentiment Tracker

    You can select any three only
      Thank you for your responseThank you for your response

      LOGIN & CLAIM

      50 TIMESPOINTS

      ET Business Listings
      Generate Enquiries for your Business by Listing on Economictimes.com

      More from our Partners

      Loading next story
      Text Size:AAA
      Success
      This article has been saved

      *

      +