Spyware was installed on users’ phones through a WhatsApp vulnerability

A serious vulnerability was discovered in WhatsApp that enabled hackers to install malware on phones in order to spy on users.

WhatsApp representatives discovered the gap in the security system at the beginning of May. After that, they notified US law enforcement agencies and security experts.

The essence of the vulnerability was a voice call placed to the user’s phone. Even if the user did not answer it, the malware was nevertheless installed. It allowed tracing the user’s location with the use of the phone’s camera and microphone.

CVE-2019-3568 is a buffer overflow vulnerability in the WhatsApp VoIP stack. An attacker who exploits it can execute malicious code and gain access to encrypted chats, listen to calls, activate the microphone and camera, and view pictures, contacts and other information on the compromised device. In addition, call logs can be modified to hide the malware’s actions. The issue is exploited by sending specially formatted SRTCP packets to the targeted phone.

CVE-2019-3568 affects the following WhatsApp versions: WhatsApp for Android (before version 2.19.134), WhatsApp Business for Android (before 2.19.44), WhatsApp for iOS (before 2.19.51), WhatsApp Business for iOS (before 2.19.51), WhatsApp for Windows Phone (before 2.18.348) and WhatsApp for Tizen (before 2.18.15).

The developers have already released a fix and recommend installing the update as soon as possible.
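A fleet check built from the version list above, as an added example that is not part of the original article. It assumes the listed versions are the first fixed builds; the product keys, device names and inventory rows are constructed for illustration. Versions are compared numerically, because a plain string comparison would rank 2.19.44 above 2.19.134.

```python
import re

# First fixed build per product, from the affected-version list in the article.
# Assumption: any build numerically below these is affected by CVE-2019-3568.
# The product keys are hypothetical inventory labels, not official identifiers.
FIXED = {
    "whatsapp-android": "2.19.134",
    "whatsapp-business-android": "2.19.44",
    "whatsapp-ios": "2.19.51",
    "whatsapp-business-ios": "2.19.51",
    "whatsapp-windowsphone": "2.18.348",
    "whatsapp-tizen": "2.18.15",
}

def parse_version(text):
    """Turn '2.19.44' into (2, 19, 44); return None for anything else."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(\.[0-9]+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(product, version):
    """Return 'vulnerable', 'patched' or 'unknown' for one installed app."""
    fixed = FIXED.get(product.strip().lower())
    installed = parse_version(version)
    if fixed is None or installed is None:
        return "unknown"  # never report an unparsable version as safe
    fixed = parse_version(fixed)
    width = max(len(installed), len(fixed))
    installed += (0,) * (width - len(installed))  # treat 2.19 as 2.19.0
    fixed += (0,) * (width - len(fixed))
    return "vulnerable" if installed < fixed else "patched"

def audit(rows):
    """Map device -> status for every row that is not confirmed patched."""
    statuses = {dev: classify(prod, ver) for dev, prod, ver in rows}
    return {dev: s for dev, s in statuses.items() if s != "patched"}

# Constructed sample inventory rows: (device, product, version).
INVENTORY = [
    ("dev-01", "whatsapp-android", "2.19.44"),
    ("dev-02", "whatsapp-android", "2.19.134"),
    ("dev-03", "whatsapp-ios", "2.19.50"),
    ("dev-04", "whatsapp-tizen", "2.18.15.1"),
    ("dev-05", "whatsapp-business-ios", "beta"),
]

if __name__ == "__main__":
    print(audit(INVENTORY))
```

Devices reported as `unknown` need a manual look, since an unreadable version string says nothing about whether the update was applied.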

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” the company said in a statement.

According to the Financial Times, the Israeli company NSO Group developed this spying program. The company sells its products mainly to Western and Middle Eastern intelligence services and governments.

NSO’s main product is the Pegasus spyware, which can read SMS and emails, turn on the microphone and camera, establish location, etc.

NSO stated that its programs were sold to “authorized governmental agencies exclusively for fighting terrorism and investigating crimes”.

The company emphasized that it investigates possible misuse of its programs and, if necessary, can discuss the possibility of shutting down the program.

WhatsApp did not name NSO in its remarks, but its suspicions seem clear:

“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” WhatsApp said.


According to Facebook’s latest assessment, 1.5 billion people worldwide use WhatsApp.

WhatsApp reported that it is investigating the case and cannot establish even an approximate number of affected people. Presumably, the attacks targeted certain people.

Source: https://techcrunch.com

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
