Follow Us:
Friday, April 03, 2020

WhatsApp vulnerability allowed hackers to monitor voice calls via spyware

WhatsApp discovered the vulnerability earlier this week and has issued a security advisory asking its users to update the app. The loophole allowed attackers simply to call a user and install the surveillance software even if the call was not picked up.

By: Tech Desk | New Delhi | Updated: May 14, 2019 9:20:04 am
WhatsApp discovered the vulnerability earlier this week and has issued a security advisory asking its users to update the app.

A vulnerability in the messaging app WhatsApp let attackers install spyware on the users’ phone, reported BBC News. It remains unknown how many WhatsApp users were affected. The Facebook-owned company discovered the vulnerability and issued a security advisory earlier this week, asking its users to update the app.

“A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number,” WhatsApp said. The company has rolled out a fix, though it is unclear how many users were affected. WhatsApp said in a statement to BBC that the attack targeted a “select number” of users.

According to a Financial Times report, which first reported that the bug has was installed by a private Israeli security firm NSO Group, used its software Pegasus. It was able to take advantage of WhatsApp’s voice call feature to infect the phones.

The loophole allowed attackers simply to call a user and install the surveillance software even if the call was not picked up. According to FT, the call would sometimes not even show up in a user’s call log.

The issue seems to affect Android prior to version 2.19.134 and WhatsApp Business for Android prior to version 2.19.44. For iOS, WhatsApp prior to version 2.19.51 and WhatsApp Business prior to version 2.19.51 seems to have been affected. WhatsApp for Windows Phone prior to version 2.18.348, and WhatsApp for Tizen prior to version 2.18.15 devices have been advised to update the app as well.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest Technology News, download Indian Express App.

Advertisement
Advertisement
Advertisement
Advertisement