WhatsApp attack allowed hackers to install surveillance tech

Whatsapp app icon on an iPhone
Image credit: Pixabay (Image credit: Image credit: Pixabay)

A recently discovered security flaw in the popular messaging app WhatsApp has been exploited to secretly install spyware onto users' devices.

As the software suffers from a buffer overflow weakness, hackers can take over the application to run malicious code which gives them access to encrypted chats, photos, contacts and other data stored on a smartphone running the app.

The attack could even allow a hacker to spy on a user's day to day activities as it turns on their device's microphone and camera and even allows them to eavesdrop on calls. To make matters worse, an attacker can also alter an infected device's call logs to hide the fact that it has been compromised.

To launch the attack, a hacker simply needs to manipulate the packets of data sent when beginning a voice call to their victim. When the victim's smartphone receives these packets, an internal buffer within the app is forced to overflow which overwrites other parts of its memory and gives an attacker almost complete control of the messaging app.

WhatsApp security flaw

Facebook's engineers have been busy trying to patch the flaw, designated as CVE-2019-3568, and an updated version of WhatsApp has already been pushed out to users. So if you see an update is available for WhatsApp, it is highly recommended that you install it on all of your devices.

The vulnerability itself affects the Android, iOS and even the Windows Phone version of the app used by 1.5bn people globally.

While the identity of the group behind the exploit has not yet been revealed, Facebook believes the attacks could have been launched by a private company as opposed to cybercriminals as it told the Financial Times when the news first broke, saying:

“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.” 

Currently the NSO Group, that sells its own spyware package called Pegasus to governments around the world, is believed to be behind the attacks. This is because the WhatsApp exploit shares many similarities with Pegasus which can record phone calls, open messages, turn on a device's camera and microphone and relay back location data.

Facebook may have patched WhatsApp's vulnerabilities but it is likely that we will see similar attacks pop up in the future due to how much information can be gained from hijacking popular messaging apps.

Via The Register

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.