WhatsApp security flaw exploited by Israeli spyware firm

Israeli 'cyber intelligence' firm NSO Group is believed to have exploited a WhatsApp buffer overflow flaw to compromise Android and iPhone devices

A buffer overflow in WhatsApp has been exploited by an Israeli 'cyber intelligence' firm to compromise Android and iOS smartphones.

According to the Financial Times, attackers are able to compromise users' devices simply by using WhatsApp's phone call function.

Attackers need only ring targets' phones to install NSO Group's Pegasus surveillance tool. The spyware is installed even if users don't respond to an attacker's phone calls. Moreover, such calls disappear from the call logs after some time.

After the program is installed, it sends the user's messages as well as the details of the device's location to attackers. The program can also use the phone's camera and mic without the user's knowledge.

NSO Group is one of a number of companies that supply surveillance tools to government security services and law enforcement agencies around the world.

The Financial Times report cited WhatsApp and a 'spyware technology dealer' to support its claims.

WhatsApp learned about the malware and the security flaw it exploits earlier this month. It has rushed out patches and is currently investigating the matter to determine the number of handsets targeted by attackers using the technique.

WhatsApp was acquired by Facebook for around $16 billion in 2014. The messaging app is now used by more than 1.5 billion people worldwide, and is particularly popular in India and Brazil. Message and call security is protected by end-to-end encryption, introduced in 2016.

WhatsApp has informed the US Department of Justice and human rights groups regarding the matter. The company stated that the attack had "all the hallmarks" of a private firm working with government agencies to push spyware.

The vulnerability, tracked as CVE-2019-3568, is a buffer overflow flaw in the VoIP stack, and was fixed in updates released on Friday, according to WhatsApp.

While the offenders in this matter are yet to be identified, security experts believe that they are associated with NSO Group. The company is accused of developing and supplying tools that governments use for spying on journalists, human-rights activists and opposition politicians.

Among the people targeted by the attackers were a UK-based human rights lawyer, who represented journalists, and a Saudi dissident based in Canada, according to lawsuits directed against NSO Group.

NSO, however, has rejected the claims.

"Under no circumstances would NSO be involved in the operating or identifying of targets of its technology," the company said. The firm also revealed that it was probing the abuse, including the attack on the UK lawyer.
