WhatsApp is urging its 1.5 billion users to update their apps following the discovery of a security bug that allows hackers to remotely install spyware on users’ smartphones. The WhatsApp hack issue has made much problems for users by enabling targeted spyware to be installed on phones through voice calls. The security vulnerability affects both iPhone and Android devices. It affects with malicious code (allegedly) from Israel’s NSO Group, transmitted whether or not a user answers an infected call.
The Facebook subsidiary, which has 1.5 billion users, said an advanced cyber actor infected an unknown number of people’s devices with the malware, which it said it discovered in early May.
WhatsApp carries a strong reputation as a secure messaging app. But now the Facebook-owned messenger is under scrutiny. Let’s see how hackers breached WhatsApp and is it still safe to use?
WhatsApp Security Flaw
The vulnerability exploits WhatsApp’s voice calling to ring the target’s device. Once the call starts, an advanced surveillance tool installs. The victim doesn’t need to answer the call. The malware still installs. After the incoming call finishes, the surveillance tool wipes any notifications and call logs relating to the malware.
The spyware itself is capable of trawling through and collecting phone call data, messages, photos, and videos. As well as activating and recording the microphone and camera. It is an advanced, dangerous piece of malware that could cause significant damage. However, while the malware itself and the exploitation of WhatsApp is advanced, the attack leveraged a pretty old method of attack.
WhatsApp owner Facebook published a security advisory describing the hack as “A buffer overflow vulnerability in WhatsApp VOIP [voice over internet protocol] stack allowed remote code execution via specially crafted series of SRTCP [secure real-time transport protocol] packets sent to a target phone number.”
A buffer overflow is where a program, or in this case, app, accesses system memory it should not have access too. If an attacker can figure out how to run code in the unauthorized memory area, they can execute something malicious, which is what has happened here.
Which Phones Does It Affect?
All brands of phones with WhatsApp or WhatsApp Business installed are affected. Including Apple’s iPhone (iOS), Android phones, Windows Phones and Tizen devices, according to Facebook. WhatsApp is used by 1.5 billion people globally.
Have I Been Affected in WhatsApp Hack?
WhatsApp, which is owned by Facebook, hasn’t confirmed how many user accounts have been affected by the hack. But so far a few targets, including a “UK-based human rights lawyer and an Amnesty International researcher, have been identified”, says the Guardian.
WhatsApp has confirmed that the attackers were “able to install spyware through WhatsApp’s voice call function, even if the user did not pick up the call”, according to Sky News.
So, if you haven’t received a WhatsApp voice call from an unknown number or a call that’s been dropped, you’re probably safe right now. There is no way to tell for sure if your account has been hacked.
However, the attack appears to have been targeted at those who work in industries that handle sensitive information. Like lawyers and journalists; therefore if you use WhatsApp for work correspondence, you should be especially vigilant.
Who Is Behind the WhatsApp Hack?
There are strong suspicions that the Israeli cybersecurity company, NSO Group, is behind the hack. The NSO Group has a strong history of producing such advanced malware. As well as having the expertise to execute something of this nature.
Facebook told the Financial Times that the “attack has all the hallmarks of a company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.”
The statement is referencing the Pegasus spyware the University of Toronto’s Citizen Lab discovered in 2016. Citizen Lab uncovered Pegasus after the highly advanced malware was used to target prominent human rights activist, Ahmed Mansoor. Pegasus used three individual zero-day exploits to conduct a remote iPhone jailbreak. It forced Apple to release an unexpected iOS update to patch the vulnerabilities.
Aside from the alternative method of attack, the WhatsApp hack demonstrates another worrying development. The malware delivered by the WhatsApp exploit didn’t require a click or tap to install. The malware is silent, installs itself, and then deletes the evidence.
NSO Group Statement about WhatsApp Hack
The NSO Group released a statement attempting to distance themselves from the WhatsApp hack.
“NSO’s technology is licensed to authorized government agencies for the sole purpose of fighting crime and terror. The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions.
“We investigate any credible allegations of misuse, and if necessary, we take action, including shutting down the system. Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.
“NSO would not or could not use its technology in its own right to target any person or organization, including this individual.”
Check If You Have the Latest Version of WhatsApp
Whatever you use WhatsApp for, you should update the app to the latest version as soon as possible.
If you are using an Android phone, you can check whether you have the latest version of the app. WhatsApp lists the most recent version on its website. The latest version of WhatsApp on Android is 2.19.134. And if you are using an iPhone, the latest version of WhatsApp for iOS is 2.19.51.
Stay Safe from WhatsApp Hack by Updating It
That said, it is time to update WhatsApp on your devices. WhatsApp rolled out an urgent update in the days immediately following the hack. The update patches the vulnerability.
How to Update WhatsApp on Android
- On your device, open the Google Play Store
- Tap the menu icon in the top-left corner
- Open My Apps & Games
- Check to see if WhatsApp has already updated; it will appear near the top of your apps list if so
- Otherwise, find WhatsApp on the list and select Update
How to Update WhatsApp on iOS
- On your device, open the App Store
- Tap Updates
- Check to see if WhatsApp has already updated; it will appear in the list of apps with an Open button
- If not, the button will say Update; tap the button to install the WhatsApp update
Is It Safe to Use WhatsApp?
Despite how certain publications attempt to frame the WhatsApp hack, the app is still safe to use (after you update!). As you see from the identified targets, unless you fit that bracket, you are not going to encounter an attack of this type.
The post-WhatsApp hack issue lies with poor reporting. WhatsApp carries a reputation for protecting privacy because it uses end-to-end encryption to secure your communication. The fact of the matter is that this attack didn’t breach the encryption.
Publications that frame the attack in this manner only seek to capitalize on the misunderstandings and murkiness already present in a situation with such high-level threat actors.
The WhatsApp hack was a highly specialized and almost invisible attack that WhatsApp and Facebook did well to spot before more targets were compromised. Presenting it in any other manner, as if it is like a regular phishing attempt or a drive-by malware download, is irresponsible.