Prudence Pitch

13:35 15/05/2019 | 7newstar.com

Total post : 518

WhatsApp confirms a vulnerability that allowed hackers to install spyware on smartphones

(Tech) While WhatsApp began life as a simple messaging app, it has expanded into all manner of communications including voice calls, which it has offered since early 2015. Malicious code developed by Israeli cyber intelligence firm NSO could be delivered to users’ handsets using an exploit in the voice-call feature on WhatsApp. The code could be deployed regardless of whether the recipient answered the call.

 

 

Tel Aviv-based NSO has long been mired in controversy over its development of mobile surveillance technology, which it says it sells to government agencies to “prevent and investigate terrorism and crime to save thousands of lives around the globe”.

NSO’s core product, Pegasus, is essentially spyware that can scrape email and text messages, track calls, access a device’s location, and activate the phone’s microphone and camera. It’s worth noting that although WhatsApp was used in this instance to distribute Pegasus, WhatsApp messages - which are encrypted - are not thought to have been impacted.

WhatsApp found the vulnerability in early May and started issuing a fix to its infrastructure late last week. Though that back-end fix alone should have patched the vulnerability, the company is still recommending that users update WhatsApp to the following latest versions:

WhatsApp for Android: v2.19.134
WhatsApp Business for Android: v2.19.44
WhatsApp for iOS: v2.19.51
WhatsApp Business for iOS: v2.19.51
WhatsApp for Windows Phone: v2.18.348
WhatsApp for Tizen: v2.18.15.

The timing of this news is notable, coming as NSO faces legal wrangles in Israel over its sale of surveillance technology to oversees governments that may be abusing the technology. Amnesty International and New York University (NYU) are filing a petition today at the District Court of Tel Aviv, in support of existing legal action requesting the ministry of defence (MoD) revoke NSO’s export licence.

Comment


Post new