WhatsApp Hit by VoIP Spyware Attack

Facebook-owned WhatsApp is the most popular messaging platform in the world with more than 1.5 billion active users. That makes it a big target for hackers, and one group reportedly discovered a vulnerability that allowed them to inject malware into phones. All they had to do was place a voice call.

We’re all familiar with the conventional security advice, such as don’t open suspicious attachments and don’t follow unknown web links. WhatsApp users didn’t need to do anything to end up in trouble with this bug, though. The attackers used VoIP calls in WhatsApp to transmit malware, and the target didn’t even need to answer.

WhatsApp says it identified the bug in early May, but it was already active in the wild. It rolled out a patch this week, but the company is still reluctant to talk about the specifics. This was no amateur operation, after all. Sources point to the notorious Israeli spy firm NSO Group as the perpetrator of the attack. NSO Group is known to work with governments to implant malware on targeted systems. WhatsApp reached out to several human rights groups to provide details about the bug when it realized what had happened, but NSO Group claims it wasn’t involved.

The only definitive information on the hack comes from the Facebook security advisory, which notes the hack leverages a type of bug called a buffer overflow. In these attacks, an attacker supplies more data than a fixed-size memory buffer can hold, so the excess spills into adjacent memory that the program never meant to expose to outside input. This can lead to crashes or allow the attacker to access critical system components.
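The general pattern behind this class of bug, shown as an added C example that is not WhatsApp's code and not taken from the advisory: a parser that trusts a length declared by the sender, next to a version that validates it. The packet layout, struct and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CALLER_ID_MAX 32

/* Constructed layout (an assumption, not WhatsApp's wire format):
 * byte 0 = type, bytes 1-2 = big-endian caller-id length, then the bytes. */
struct call_offer {
    uint8_t type;
    size_t  caller_id_len;
    uint8_t caller_id[CALLER_ID_MAX];
};

/* Unsafe: trusts the sender's declared length, so a value above
 * CALLER_ID_MAX makes memcpy write past caller_id. Shown, never called. */
int parse_offer_unchecked(const uint8_t *pkt, struct call_offer *out)
{
    size_t declared = ((size_t)pkt[1] << 8) | pkt[2];
    out->type = pkt[0];
    out->caller_id_len = declared;
    memcpy(out->caller_id, pkt + 3, declared);
    return 0;
}

/* Hardened: checks header, destination size and received bytes first.
 * Returns 0 on success, -1 when the packet is rejected. */
int parse_offer_checked(const uint8_t *pkt, size_t pkt_len, struct call_offer *out)
{
    if (pkt == NULL || out == NULL || pkt_len < 3)
        return -1;                       /* header incomplete */
    size_t declared = ((size_t)pkt[1] << 8) | pkt[2];
    if (declared > sizeof out->caller_id)
        return -1;                       /* would overflow the destination */
    if (declared > pkt_len - 3)
        return -1;                       /* would read past received data */
    out->type = pkt[0];
    out->caller_id_len = declared;
    memcpy(out->caller_id, pkt + 3, declared);
    return 0;
}

int main(void)
{
    const uint8_t bad[] = {0x01, 0x01, 0x00, 'x'};  /* constructed: declares 256 bytes */
    struct call_offer o;
    printf("oversized packet -> %d\n", parse_offer_checked(bad, sizeof bad, &o));
    return 0;
}
```

Because the parser runs on data received before the user does anything, the length check is the only thing standing between the network and adjacent memory.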

VoIP is not exactly a new technology, but the implementation in each app can be different. That provides opportunities for developers to inadvertently introduce vulnerabilities. WhatsApp features end-to-end encryption, ensuring that only the sender and recipient of a message can read it. The spyware injected by NSO Group allegedly allowed a third party to see the messages after they were decrypted on the user’s phone.

This attack was highly targeted, focusing on activists and human rights attorneys. So, odds are that no one will be placing a malware call to your device. That said, other bad actors might be able to work out the method used by NSO Group to carry out a less-targeted campaign. All WhatsApp users should upgrade to the latest version of the app, which has a fix in place for the VoIP attack.
