June 15, 2019

Hackers were able to use the vulnerability to install other malware on phones. After 2 weeks, WhatsApp confirms its 1.5 billion users need an upgrade.
WhatsApp, the most popular messenger app, which is owned by Facebook, reported that this attack targeted a “select number” of users and was orchestrated by a certain “advance cyber actor”.
A patch was rolled out on Friday night. All readers are advised to update WhatsApp if they have not already done so.
This specific vulnerability was exploited by the Israeli security firm NSO Group, according to a recent report in the Financial Times. The NSO Group is an Israeli company that is well known as a “cyber-arms dealer” in certain quarters.
On Monday morning, WhatsApp urged all of its 1.5 billion users to update their apps as an added safety measure.
The attack was first discovered around 2 weeks ago.
WhatsApp promotes itself as a “secure communications app” because messages are end-to-end encrypted between sender and receiver, which means that they should be displayed in a legible form only on the sender’s or recipient’s device.
However, this specific surveillance software would have let an attacker or a malicious actor read these messages on their target’s device.
It is believed that the attack involved attackers using WhatsApp’s voice calling function to ring a target’s device. Even if the call was not answered, the vulnerability could be exploited and surveillance software installed. As reported, the call would often disappear from the call log, removing any trace of the hack.
WhatsApp has told the BBC that its security team was the first to identify the flaw, and that it has shared all the relevant information with human rights groups worldwide, selected security vendors and the US Department of Justice.
The same security firm, NSO Group, also published an advisory to security specialists, in which it described the flaw as: “A buffer overflow vulnerability in WhatsApp VOIP stack which allows RCE (remote code execution) via specially crafted series of SRTCP [secure real-time transport protocol] packets, that are sent to a target phone using nothing but their WhatsApp number.”
There is an inherited flaw in VOIP communication where the initial process that dials up and establishes the call can be exploited, but for that to work the call must be answered. However, because of how the WhatsApp software handles its calls, hackers have found a way to use the same vulnerability with zero interaction from the target.
The human rights group Amnesty International has already been targeted in the past by tools like these, and even by some created by the NSO Group. This week, a Tel Aviv court will hear a petition led by Amnesty International that calls for Israel to revoke the NSO Group’s licence to export its products internationally.