Software Bug Gives Spyware Free Rein With a Single WhatsApp Call

By John P. Mello Jr. May 15, 2019 5:00 AM PT

Many users of Facebook's WhatsApp messaging software were scrambling to patch the program on Tuesday, in response to news of a flaw that allowed spyware to be installed on mobile phones running Android and iOS.

"This new type of attack is deeply worrying and shows how even the most trusted mobile apps and platforms can be vulnerable," said Mike Campin, vice president of engineering at Wandera, a mobile security provider based in San Francisco.

"While this attack is based on a previously identified exploit known as Pegasus, the fact that it has been repackaged into a form that can be delivered via a simple WhatsApp call has shocked many," he continued.

WhatsApp, which is used by 1.5 billion people worldwide, typically is not deployed as an official corporate messaging application, Campin noted, but it is used widely internationally, both on employees' personal devices and on corporate-issued devices.

That can be problematic for organizations, he said, because once exploited via this new attack, the attacker has complete control and visibility of all data on the phone.

Quick Action

WhatsApp on Monday advised users to patch the software as soon as possible to avoid any potential infections.

"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," the company said in a statement.

Affected versions of the program are as follows:

• WhatsApp for Android prior to v2.19.134
• WhatsApp Business for Android prior to v2.19.44
• WhatsApp for iOS prior to v2.19.51
• WhatsApp Business for iOS prior to v2.19.51
• WhatsApp for Windows Phone prior to v2.18.348
• WhatsApp for Tizen prior to v2.18.15

Once it was made aware of the vulnerability, the company acted relatively quickly to issue a patch. It fixed the app's infrastructure in 10 days, and it released a secure version of the software last Friday. It also notified law enforcement authorities in the United States and United Kingdom.

"It seems that they acted quickly on fixing the vulnerability and notifying the public and the government," said Joseph A. Turner, chief intelligence officer of Proventus Cybersecurity, a computer and network security company in Aliso Viejo, California.

That nimble response may benefit both WhatsApp and its parent, Facebook.

"With the way WhatsApp dealt with this vulnerability, and since it seems that an outside attacker is involved, there are no fingers pointed at Facebook or WhatsApp at this time," Turner told TechNewsWorld.

"However, we are seeing users move to other messaging apps due to privacy concerns," he added.

Scary Development

By exploiting the flaw in WhatsApp, an attacker could insert malicious code into a phone by simply placing a WhatsApp call, even if the call went unanswered.

The exploit should be of particular concern for iPhone users, noted Rusty Carter, vice president for product management at Arxan Technologies, an application protection company in San Francisco.

"Apple's ecosystem has this reputation of safety, and sandboxing applications to prevent one from interfering with another," he told TechNewsWorld.

"This event blows that apart," Carter continued, "because here we have a vulnerability in a single app allowing someone to install software that affects the entire device and all the software running on it. This is a scary development."

Human Rights Lawyer Targeted

The malicious code's digital footprint is similar to spyware tools marketed by the NSO Group, an Israeli maker of military-grade hacking tools, according to security researchers who examined it.

One of the targets of the spyware, according to a New York Times report, was a London lawyer who has been involved in a number of lawsuits involving NSO. The complaints accuse NSO Group of providing tools to hack the phones of Omar Abdulaziz, a Saudi dissident in Canada; a Qatari citizen; and a group of Mexican journalists and activists.

"NSO's technology is licensed to authorized government agencies for the sole purpose of fighting crime and terror," the company said in a statement.

"The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions," it continued.

"We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system," the company maintained. "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies."

"NSO would not or could not use its technology in its own right to target any personal organization, including this individual," it added.

Better Management of Dangerous Weapons

The WhatsApp hack is an example of military cyberweapons getting out "into the wild" and being used by criminals, much like the WannaCry attack on the UK's National Health System two years ago, said Mark Skilton, a professor with digital communications expertise at the Warwick Business School in Coventry, UK.

"It is a reminder of how much trust we put in these social media platforms to protect our privacy," he said. "In this case we might not detect this attack to install spyware on our messages, like a phishing email, until it's too late."

It will never be possible for systems to be 100 percent safe, he acknowledged, but at the end of the day, large public platforms like Facebook, Google and Twitter should be more accountable for management of their platforms.

"We need the systems they use to be tested constantly, but the bigger issue here is about the proper management of these types of weapons," Skilton said.

"Firms like NSO, who reportedly developed the spyware used on WhatsApp, have a responsibility to prevent them from getting into the wrong hands, and used on targets such as Amnesty International and the NHS, where it can have disastrous consequences for vulnerable people," he continued.

"These new cyber weapons must be classified as very dangerous in the wrong hands and managed as such," Skilton added.

Move to Block Export License

Meanwhile, Amnesty International on Monday moved to block the export of military grade cyberweapons at their source, through a lawsuit filed in the District Court of Tel Aviv, which aims to revoke NSO's export license.

In its complaint, Amnesty alleges one of its employees came under attack from NSO software.

"NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics," said Danna Ingleton, deputy director of Amnesty Tech.

"The attack on Amnesty International was the final straw," she observed.

Israel's Ministry of Defense has ignored mounting evidence linking NSO to attacks on human rights defenders, Ingleton maintained.

"As long as products like Pegasus are marketed without proper control and oversight, the rights and safety of Amnesty International's staff and that of other activists, journalists and dissidents around the world is at risk," she added.

The legal action is supported by Amnesty International as part of a joint project with the New York University School of Law's Bernstein Institute for Human Rights and Global Justice Clinic.

"The targeting of human rights defenders for their work, using invasive digital surveillance tools, is not permissible under human rights law," said Margaret Satterthwaite, the institute's faculty director.

"Without stronger legal checks, the spyware industry enables governments to trample on the rights to privacy, freedom of opinion and expression," she added. "The Israeli government needs to revoke NSO Group's export license and stop it profiting from state-sponsored repression."

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News.
