WhatsApp exploit let attackers install government-grade spyware on phones

Srivishnu Ramakrishnan

Whatsapp is the world best messaging service app, period. But, recently the company fixed a vulnerability it had that allowed the attackers to install malicious spyware on affected phones. Moreover, it is stated that the attackers did install with a commercial grade package usually which is sold to the national government.

You can read the official statement made by Facebook (Owner of Whatsapp) in their FB Page;

Description: A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.

Affected Versions: The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

Last Updated: 2019-05-13

It was detected in May early this year which was confirmed to Techcrunch. According to reports in Techcrunch, the vulnerability allowed the callers to install spyware on the device being called. The spyware was made by the Israel based NSO Group Pegasus which is usually licensed to governments. Surprisingly, on the brighter side, WhatsApp said it took less than 10 days after the harm was discovered. It stated that;

This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society.

To stay on the safer side you must install the latest version of WhatsApp to be out of harm’s way.

SEE ALSO  Get Ready To See More Ads From Google On Your Phones

Source: Techcrunch

Leave a Comment