Facebook-owned WhatsApp is the most popular messaging platform in the world with more than 1.5 billion active users. That makes it a big target for hackers, and one group reportedly discovered a vulnerability that allowed them to inject malware into phones. All they had to do was place a voice call.
We’re all familiar with the conventional security advice, such as don’t open suspicious attachments and don’t follow unknown web links. WhatsApp users didn’t need to do anything to end up in trouble with this bug, though. The attackers used VoIP calls in WhatsApp to transmit malware, and the target didn’t even need to answer.
WhatsApp says it identified the bug in early May, but it was already active in the wild. It rolled out a patch this week, but the company is still reluctant to talk about the specifics. This was no amateur operation, after all. Sources point to the notorious Israeli spy firm NSO Group as the perpetrator of the attack. NSO Group is known to work with governments to implant malware on targeted systems. WhatsApp reached out to several human rights groups to provide details about the bug when it realized what had happened, but NSO Group claims it wasn’t involved.
The only definitive information on the hack comes from the Facebook security advisory, which notes the hack leverages a type of bug called a buffer overflow. A buffer overflow occurs when a program writes more data into a fixed-size region of memory than that region can hold, so the excess spills into adjacent memory that was never meant to receive it. This can lead to crashes or allow the attacker to access critical system components.
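The bug class in miniature, as an added illustration that is not WhatsApp's code or its real packet format: a parser that trusts a sender-supplied length field, beside a hardened version that rejects lengths the buffer or the packet cannot back. The layout, `FIELD_MAX`, the function names and the sample packets are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 8 /* fixed receive buffer size (constructed value) */

/* Hypothetical layout: [2-byte big-endian length][payload bytes]. */

/* Unsafe: trusts the sender's length. Any value above FIELD_MAX makes
 * memcpy write past out[] into whatever memory sits next to it. */
void parse_unchecked(const uint8_t *pkt, uint8_t *out) {
    size_t len = ((size_t)pkt[0] << 8) | pkt[1];
    memcpy(out, pkt + 2, len);
}

/* Hardened: returns the payload length, or -1 when the packet is rejected. */
int parse_checked(const uint8_t *pkt, size_t pkt_len, uint8_t *out) {
    if (pkt == NULL || out == NULL || pkt_len < 2) return -1; /* truncated header */
    size_t len = ((size_t)pkt[0] << 8) | pkt[1];
    if (len > FIELD_MAX) return -1;   /* would overflow the buffer */
    if (len > pkt_len - 2) return -1; /* claims more bytes than arrived */
    memcpy(out, pkt + 2, len);
    return (int)len;
}

/* Constructed sample packets, not captured traffic. */
int demo_valid(void) {
    const uint8_t pkt[] = {0x00, 0x03, 'a', 'b', 'c'};
    uint8_t out[FIELD_MAX] = {0};
    return parse_checked(pkt, sizeof pkt, out);
}

int demo_oversized(void) { /* declares 512 bytes for an 8-byte buffer */
    const uint8_t pkt[] = {0x02, 0x00, 'a', 'b', 'c'};
    uint8_t out[FIELD_MAX] = {0};
    return parse_checked(pkt, sizeof pkt, out);
}

int demo_short(void) { /* declares 6 bytes but carries only 3 */
    const uint8_t pkt[] = {0x00, 0x06, 'a', 'b', 'c'};
    uint8_t out[FIELD_MAX] = {0};
    return parse_checked(pkt, sizeof pkt, out);
}

int main(void) {
    printf("valid=%d oversized=%d short=%d\n",
           demo_valid(), demo_oversized(), demo_short());
    return 0;
}
```

The second check matters as much as the first: a length that fits the buffer but exceeds the bytes actually received turns into an out-of-bounds read instead of a write.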
VoIP is not exactly a new technology, but the implementation in each app can be different. That provides opportunities for developers to inadvertently introduce vulnerabilities. WhatsApp features end-to-end encryption, ensuring that only the sender and recipient of a message can read it. The spyware injected by NSO Group allegedly allowed a third party to see the messages after they were decrypted on the user’s phone.
This attack was highly targeted, focusing on activists and human rights attorneys. So, odds are that no one will be placing a malware call to your device. That said, other bad actors might be able to work out the method used by NSO Group to carry out a less-targeted campaign. All WhatsApp users should upgrade to the latest version of the app, which has a fix in place for the VoIP attack.