HomeWinBuzzer NewsWhatsApp Vulnerability Lets Attackers Deploy Spyware via Unanswered Voice Calls

WhatsApp Vulnerability Lets Attackers Deploy Spyware via Unanswered Voice Calls

A WhatsApp vulnerability lets sophisticated attackers install malware on target devices with a degree of stealth. The attack reportedly has roots in security firm NSO Group.

-

Facebook has discovered a dangerous WhatsApp vulnerability that lets sophisticated attackers install spyware via an unanswered voice call. According to the Financial Times, these calls often disappear from logs, so users can be unaware their device is compromised.

Attackers reportedly send SRTPC packets to target phones until it causes a buffer stack overflow. A WhatsApp spokesperson said it became aware of the issue in March and has fixed the issue in the app’s latest update. Users must be on version 2.19.51+ on iOS and 2.19.134+ on Android to be safe.

The spokesperson said an unknown number of people were affected by the hack, but a number at least in the dozens would not be inaccurate. Concerningly, the attack code is thought to have routes in Israeli security company NSO Group, which sells spyware to governments and is owned by American firm Francisco Partners. NSO denies it had any direct role in the attack.

“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not, or could not, use its technology in its own right to target any person or organization,” it said.

Humans Rights Abuse Accusations

Meanwhile, WhatsApp says it has “all the hallmarks” of a private company working with governments. One of the victims was allegedly a UK humans rights lawyer, who NSO Group again denies it targetted.

NSO has previously been criticized for its Pegasus malware, which government can use for microphone, camera, email, and message access on a device. Ongoing lawsuits claim NSO Group helped clients violate human rights. One of those accuses the firm of aiding the hack and therefore murder of journalist Jamal Khashoggi.

Users can download the latest WhatsApp build from the App Store and Google Play Store.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
0
We would love to hear your opinion! Please comment below.x
()
x
Mastodon