Security

WhatsApp flaw exposes users to malicious spyware

Read time 3min 00sec

Messaging giant WhatsApp is urging its users to update their messaging app after it was discovered that hackers could remotely install spyware on phones via the call function, whether the call was answered or not.

ITWeb Security Summit 2019

Eight international keynote speakers are heading to SA to join the local experts and share insights with SA's cyber security community. We have Graham Cluley, independent computer security expert and public speaker; Ofir Hason, CEO and co-founder of CyberGym; and Pete Herzog, MD of the Institute for Security and Open Methodologies. To find out more and to register, click here.

Once the spyware is installed on a device, it gives attackers the ability to gain full access to a phone remotely, allowing them to read messages, see contacts, as well as activate the camera. WhatsApp said the vulnerability affects all but the latest version of the app on iOS and Android.

The Facebook-owned company has since fixed the vulnerability, and said in a statement: "WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices."

The spyware was spread by an "advanced cyber actor" and has infected multiple mobile phones to date. It was developed by Israeli spyware company NSO Group, which came under the spotlight a few years ago for creating software that could jailbreak any iPhone.

Researchers have also referred to the group as a cyber arms dealer, although the group claims the technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.

"The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions," the group said.

However, the company's tools have been repeatedly used to hack journalists, lawyers and human rights defenders. Yesterday, the Financial Times reported that hackers had been making use of the flaw up until Sunday evening, when it was used to target a UK-based human rights lawyer.

Most notably, the spyware was implicated in the murder of Saudi journalist Jamal Khashoggi, who was reportedly dismembered in the Saudi consulate in Istanbul in 2018, and whose body was never recovered.

"The mere fact that such a vulnerability can be exploited remotely in a default configuration is extremely critical and alarming," says Ilia Kolochenko, founder, CEO and chief architect at Web security company ImmuniWeb.

He says the flaw is unprecedented in terms of its potential to run high-profile targeted attacks. "WhatsApp is so popular that virtually everyone is a potential victim. Worse, today, access to someone's smartphone likely provides access to much more sensitive information than access to a computer, for example.

"The ability to track the victim in real-time, to listen to a device's microphone and read instant communications are all a goldmine for cyber criminals."

According to Kolochenko, rumours about this type of security flaw have been circulating for a while, but few took them seriously. "All corporate users of WhatsApp should urgently launch forensics on their mobile devices to verify whether they were compromised and 'back-doored'."

Following a year when Facebook was already under a negative spotlight, it is Kolochenko's view that this massive security incident will cause irreparable damage to the social network's reputation.

"People are fed up seeing their data being sold, leaked and hacked. Serious legal ramifications are also foreseeable."

Have your say
Facebook icon
Youtube play icon