Hackers were able to remotely install surveillance software on phones and other devices by exploiting a major vulnerability in the WhatsApp messaging application, it has been confirmed.
WhatsApp, which is owned by Facebook, said the attack was targeted at a “select number” of users and was orchestrated by “an advanced cybernetic actor.”
A fix was rolled out on Friday.
The attack was developed by the Israeli security company NSO Group, according to a report published in the Financial Times.
On Monday, WhatsApp urged its 1.5 billion users to update their applications as an additional precaution.
The attack was first discovered earlier this month.
WhatsApp promotes itself as a “secure” communication application because messages are end-to-end encrypted, meaning that they should only be readable on the sender’s or receiver’s device.
However, the surveillance software could allow an attacker to read the messages on the target device.
How was the security flaw used?
Attackers used WhatsApp's voice call function to call a target's device. Even if the call was not answered, the surveillance software was installed and, as reported by the FT, the call would often disappear from the device's call log.
WhatsApp said that its security team was the first to identify the flaw, and shared that information with human rights groups, selected security providers and the US Department of Justice earlier this month.
“The attack bears all the features of a private company that allegedly works with governments to deliver spyware that involves the functions of the mobile phone operating system,” the company said on Monday in an internal journal note.
The company issued an advisory for security specialists, describing the flaw as: “A buffer overflow vulnerability in WhatsApp VOIP [voice over internet protocol] allowed external code execution through a series of specially designed SRTCP [secure real-time transport protocol] packets sent to a destination telephone number.”
Professor Alan Woodward of the University of Surrey said it was a “fairly old-fashioned” attack method.
“In a buffer overflow, an application has more memory than you really need, so there is space allocated in memory. If you run code through the application it can execute code in that area,” he explained.
“In VOIP there is an initial process that dials and sets up the conversation, and the error was in that bit. It was therefore not necessary to answer the call for the attack to work.”
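The following C example is added here for illustration; it is not code from WhatsApp, its advisory or the original article, and it does not reproduce the actual flaw. It shows the kind of check whose absence leads to a buffer overflow when parsing RTCP-style packets: the length the sender claims is validated against both the bytes actually received and the destination buffer. The header layout follows RFC 3550; the function name, buffer size and sample packets are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RTCP_HDR_LEN 8   /* 4-byte fixed header + 4-byte sender SSRC */
#define BODY_MAX     64  /* assumed size of the receiver's fixed buffer */

/* Constructed sample datagrams (not captured traffic). */
static const uint8_t ok_pkt[12]    = {0x80, 0xC8, 0x00, 0x02, 0, 0, 0, 1, 'd', 'a', 't', 'a'};
static const uint8_t lying_pkt[12] = {0x80, 0xC8, 0x00, 0xFF, 0, 0, 0, 1, 'd', 'a', 't', 'a'};
static const uint8_t big_pkt[128]  = {0x80, 0xC8, 0x00, 0x1F};  /* honest, but too large */
static uint8_t out_buf[BODY_MAX];

/* Copy one packet body into a fixed buffer; returns bytes copied or -1.
 * The overflow-prone pattern is a bare
 *   memcpy(out, pkt + RTCP_HDR_LEN, claimed - RTCP_HDR_LEN);
 * because `claimed` is chosen by the sender. */
int rtcp_copy_body(const uint8_t *pkt, size_t pkt_len, uint8_t *out)
{
    if (pkt == NULL || out == NULL || pkt_len < RTCP_HDR_LEN)
        return -1;                       /* too short to hold a header */
    if ((pkt[0] >> 6) != 2)
        return -1;                       /* version bits must be 2 */

    /* Length field: big-endian count of 32-bit words, minus one. */
    size_t claimed = ((size_t)((pkt[2] << 8) | pkt[3]) + 1) * 4;
    if (claimed < RTCP_HDR_LEN || claimed > pkt_len)
        return -1;                       /* claims more than was received */

    size_t body = claimed - RTCP_HDR_LEN;
    if (body > BODY_MAX)
        return -1;                       /* would overrun the destination */

    memcpy(out, pkt + RTCP_HDR_LEN, body);
    return (int)body;
}

int main(void)
{
    printf("ok:    %d\n", rtcp_copy_body(ok_pkt, sizeof ok_pkt, out_buf));
    printf("lying: %d\n", rtcp_copy_body(lying_pkt, sizeof lying_pkt, out_buf));
    printf("big:   %d\n", rtcp_copy_body(big_pkt, sizeof big_pkt, out_buf));
    return 0;
}
```

Because this parsing happens while a call is being set up, a check like this has to run on every signalling packet, whether or not the user ever answers.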
Some users of the application have wondered why the app store notes associated with the latest update are not explicit about the solution.
Who is behind the software?
The NSO Group is an Israeli company that has in the past been referred to as a “cyber weapon seller”. The company is partly owned by the London-based private equity firm Novalpina Capital, which acquired an interest in February.
The flagship software from NSO, Pegasus, has the ability to collect intimate data from a target device, including capturing data through the microphone and camera and collecting location data.
In a statement, the group said: “NSO technology is licensed to authorized government agencies for the sole purpose of fighting crime and terror.
“The company does not manage the system, and following a rigorous licensing and investigation process, intelligence services and police determine how the technology should be used to support their public security missions. We investigate all credible allegations of misuse and abuse. If necessary, we take measures, including switching off the system.
“NSO is in no way involved in the operation or identification of the objectives of its technology, which is only managed by law enforcement and intelligence services, and NSO will not use or be able to use its technology itself to target a person or organization.”
Who has been targeted?
WhatsApp said it was too early to know how many users were affected by the vulnerability, but added that the suspected attacks were highly targeted.
Amnesty International, which said it was the target of tools created by the NSO Group in the past, said this attack was one that human rights groups had feared was possible.
“They can infect your phone without you taking action,” said Danna Ingleton, deputy director of the Amnesty International programs. Ingleton said there was growing evidence that regimes used the tools to keep activists and journalists under surveillance.
“There must be some responsibility for that, it cannot remain a Wild West secret industry.”
On Tuesday, a court in Tel Aviv will hear a petition led by Amnesty International calling on the Israeli Ministry of Defense to revoke the NSO Group's license to export its products.