Things never get bored in Facebook’s HQ. The company recently made public a fix they have put in place to pat a critical vulnerability in WhatsApp. The nickname given to the anomaly is “CVE-2019-3568”, and it was being used to remotely install spyware software on smartphones by calling the targeted device. So far, the company has not identified the perpetrator exploiting the CVE-2019-3568 publicly, but they have described the attackers as a cyber-actor with some power that has targeted selected users.
Facebook described the anomaly stating that it was an overflown buffer vulnerability in Whatsapp’s VOIP stack. This allowed code execution remotely by using a customized build of SRTCP packets that are sent to a targeted phone number. This WhatsApp zero-day vulnerability affects the VOIP stack and allows the flaw to be exploited by remote attacks while executing random code and sending customized SRTCP packets to other targeted mobile devices.
So far there are several known methods which are used to hack WhatsApp accounts according to Wiper, but this is something completely new. However it’s not much surprisingly see that hackers invented some new methods as this happens often. How else they could compromise highly secured systems which already has protection enabled for fell known types of attacks.
Facebook dealt with the issue after releasing an upgrade for Whatsapp on Android 2.19.134, Whatsapp for Business on Android 2.19.44, and Whatsapp for iOS 2.19.51, as well as Whatsapp Business for iOS 2.19.51, Whatsapp for Windows Phone 2.18.348. Whatsapp for Tizen 2.18.15. also received the update. The company also clarified that prior versions of the app would remain vulnerable. Whatsapp also has implemented a server patch that was deployed in the first days of May 2019.
Defining Whatsapp Zero-Day
While the fix is good news, there are few things regarding logistics that are not so much. For starters, a lot of experts have been aware of the ongoing attacks exploiting the Whatsapp zero-day bug to place spyware. Even prominent publications such as The Financial Times had reported that Whatsapp zero-day was being used to threaten people to deliver the spyware that was developed by a surveillance firm named the NSO Group.
The surveillance software was being used by governments around the world to spy on non-governmental organizations such as human rights groups, journalists, activists, dissidents, and lawyers. Many security experts have taken a swing at it, and they have detected some of the tools used at their disposal. One of them is the popular Pegasus spyware for iOS and the app Chrysaor for Android. Chrysaor has been used in attacks against activists and journalists, most of them located in Israel, with a few more located in Turkey, Georgia, Mexico, most of the European Union as well as other countries.
It May Interest You:
> Best Instagram Hacking Software of 2019 & How to Use It
This is why Experts Take the Chrysaor Espionage Seriously
In the past September, a few tidbits of information were released by Citizen Lab. The data revealed that the NSO Pegasus spyware was being used on targets in at least forty-five countries across the planet. Last November, Edward Snowden issued a warning about the abuses taking place with the placement of location of surveillance software, since this one had a substantial role in the murder of Jamal Kasogi, a Saudi Arabian journalist that caught the attention of the world for a good part of the first quarter of 2019.
The Financial Times described a terrifying scenario where attackers could exploit the Whatsapp zero-day vulnerability by making a call to the targeted smartphone using the app. The get advantage of the vulnerability, the target doesn’t have to interact with the device. The victim doesn’t even need to answer the call for the vulnerability to be exploited. The track happens in an instant, and it’s so well-hidden that upon examination, there will be no trace on the targeted smartphone of any malicious calls. You can read full report by BBC News.
The Financial Times also cites the case of an unnamed lawyer in the United Kingdom that was targeted the past May 12th. The attorney is currently involved in a legal case filed against the NSO by private people that were targeted with surveillance software as well. The NSO group has denied any dealings with government agencies to target any UK citizen with their surveillance software.