Back to Blog

WhatsApp discovers ‘targeted’ surveillance attack

May 14, 2019

By: Dave Lee

Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed.

WhatsApp, which is owned by Facebook, said the attack targeted a “select number” of users, and was orchestrated by “an advanced cyber-actor”.

A fix was rolled out on Friday.

On Monday, WhatsApp urged all of its 1.5 billion users to update their apps as an added precaution.

The attack was developed by Israeli firm NSO Group, according to a report in the Financial Times.

Facebook first discovered the flaw in WhatsApp earlier in May.

WhatsApp promotes itself as a “secure” communications app because messages are end-to-end encrypted, meaning they should only be displayed in a legible form on the sender or recipient’s device.

However, the surveillance software would have let an attacker read the messages on the target’s device.

“Journalists, lawyers, activists and human rights defenders” are most likely to have been targeted, said Ahmed Zidan from the non-profit Committee to Protect Journalists.

Presentational grey line

How do I update WhatsApp?

Android

  • Open the Google Play store
  • Tap the menu at the top left of the screen
  • Tap My Apps & Games
  • If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
  • If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
  • The latest version of WhatsApp on Android is 2.19.134

iOS

  • Open the App Store
  • At the bottom of the screen, tap Updates
  • If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
  • If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
  • The latest version of WhatsApp on iOS is 2.19.51

How was the security flaw used?

It involved attackers using WhatsApp’s voice calling function to ring a target’s device. Even if the call was not picked up, the surveillance software would be installed, and, the FT reported, the call would often disappear from the device’s call log.

WhatsApp told the BBC its security team was the first to identify the flaw, and shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said on Monday in a briefing document note for journalists.

More: https://www.bbc.com/news/technology-48262681

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

contact@sikur.com

Follow us

Try SIKUR





Contact Us
First Name*
Last Name*
E-mail*
Mobile Number*
Company*
Country*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
Comments
I agree to the Privacy Policy and Terms of Service.