If you’re a frequent user of WhatsApp then you should probably pay attention to this article!
Whatsapp found out that attackers have been using a vulnerability in the application (app) in order to place commercial spyware in our phones, reported CNA. Earlier this month (May 2019), WhatsApp discovered that hackers can remotely install “surveillance software” on all kinds of phones – iPhones and Android phones.
Apparently, the code – which was developed by an Israeli company named NSO Group – is sent via WhatsApp call to the users’ mobile device. Even if users don’t answer the Whatsapp call, the code can still be transmitted and the calls will vanish from the call logs. Oh dear!
Facebook’s security advisory noted that a “buffer overflow” in the Whatsapp’s VOIP (Voice Over Internet Protocol) has enabled “remote code execution via specially crafted series of SRTCP packets” which are sent to the users’ phone.
FYI, SRTCP is an acronym for Secure Real-Time Transport Protocol.
Having said that, this issue only affects several WhatsApp versions, which are mentioned below:
- WhatsApp for Android prior to v2.19.134
- WhatsApp Business for Android prior to v2.19.44
- WhatsApp for iOS prior to v2.19.51
- WhatsApp Business for iOS prior to v2.19.51
- WhatsApp for Windows Phone prior to v2.18.348
- WhatsApp for Tizen prior to v2.18.15
Upon detecting this problem, Whatsapp responded by “rolling out a fix to its servers” progressively since 10th May 2019. Then on Monday (13th May), they provided a patch for the users. WhatsApp was quoted as saying,
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.”
Meanwhile, The New York Times wrote that the NSO group explained in a statement on Monday that its spyware is strictly licensed to government agencies only. Therefore, they will be conducting an investigation over the newly found WhatsApp issue. They said,
“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.”
Previously, in 2017, NSO was all over the news over several allegations regarding the Mexican government using their Pegasus mobile spyware, which targeted private citizens.
This is certainly a concerning issue as it concerns our privacy! Hopefully, the authorities will look into this matter and solve it quickly.
Also read: Starting 3 April, You Can Decide Who Can Add You to Group Chats on WhatsApp