https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22313#M2769 <P>Indeed, no user interaction required, other than having your phone on.&nbsp;</P><P>&nbsp;</P><P>No details of the prevalence in the wild, but has been tracked in it's attack pattern as deliberate and targeted.&nbsp;</P><P>&nbsp;</P><P>It's relatively arbitrary to begin with, using an inherent buffer overflow technique within the VoIP stack of the application. The impressive part is the no-touch deployment, and the clean up so the trace is minimal.</P><P>&nbsp;</P><P>Very similar to the "Pegasus" strain seen at the beginning of the month. Not going to say where that particular piece has come from.&nbsp;</P><P>&nbsp;</P><P><span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 15 May 2019 08:23:20 GMT HTCPCP-TEA 2019-05-15T08:23:20Z https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22281#M2761 <P>Researchers have discovered a way for someone to <A href="https://www.ctvnews.ca/sci-tech/whatsapp-discovers-spyware-that-infected-with-a-call-alone-1.4421075" target="_blank" rel="noopener">install malware on your phone simply by placing a voice call to your Whatsapp app</A>.&nbsp; (From the sounds of things, you don't even have to answer.)</P><P>&nbsp;</P><P>Whatsapp has issued a patch.</P><P>&nbsp;</P><P>Various reports are stressing different aspects, but there is some speculation that <A href="https://www.telegraph.co.uk/technology/2019/05/14/whatsapp-flaw-allowed-israeli-hackers-snoop-phones/" target="_blank" rel="noopener">NSO Group has been actively using the vulnerability to target specific individuals or groups</A>.</P> Tue, 14 May 2019 16:48:41 GMT https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22281#M2761 rslade 2019-05-14T16:48:41Z https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22289#M2762 <P>And this surprises you?</P><P>&nbsp;</P><BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1324864413">@rslade</a>&nbsp;wrote:<BR /><P>Researchers have discovered a way for someone to <A href="https://www.ctvnews.ca/sci-tech/whatsapp-discovers-spyware-that-infected-with-a-call-alone-1.4421075" target="_blank" rel="noopener">install malware on your phone simply by placing a voice call to your Whatsapp app</A>.&nbsp; (From the sounds of things, you don't even have to answer.)</P><P>&nbsp;</P><P>Whatsapp has issued a patch.</P><P>&nbsp;</P><P>Various reports are stressing different aspects, but there is some speculation that <A href="https://www.telegraph.co.uk/technology/2019/05/14/whatsapp-flaw-allowed-israeli-hackers-snoop-phones/" target="_blank" rel="noopener">NSO Group has been actively using the vulnerability to target specific individuals or groups</A>.</P><HR /></BLOCKQUOTE><P>&nbsp;</P> Tue, 14 May 2019 17:21:53 GMT https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22289#M2762 dcontesti 2019-05-14T17:21:53Z https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22294#M2763 <P>&nbsp;</P><P>Yes, I was getting messages from friends <A href="https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&amp;objectid=12230963" target="_blank" rel="noopener">about this</A> today, but I could find no update since the last one I got a couple of weeks ago, so I suppose that took care of it.</P><P>&nbsp;</P><P>Like&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/715155969">@dcontesti</a>&nbsp;said, we shouldn't be surprised...&nbsp;&nbsp;<img id="manwink" class="emoticon emoticon-manwink" src="https://community.isc2.org/i/smilies/16x16_man-wink.png" alt="Man Wink" title="Man Wink" /></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 14 May 2019 18:19:29 GMT https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22294#M2763 Shannon 2019-05-14T18:19:29Z https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22297#M2764 &gt; Shannon (Community Champion) posted a new reply in Industry News on 05-14-2019<BR /><BR />&gt; &nbsp; Yes, I was getting messages from friends about this today, but I could find no<BR />&gt; update since the last one I got a couple of weeks ago, so I suppose that took<BR />&gt; care of it.<BR /><BR />Intriguing. (Particularly since you are in KSA ...)<BR /><BR />I'm showing version 2.19.134 (on Android). How does that compare?<BR /><BR />====================== (quote inserted randomly by Pegasus Mailer)<BR />rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org<BR />Ignorance is never out of style. It was in fashion yesterday,<BR />it is the rage today, and it will set the pace tomorrow.<BR />-- Franklin K. Dane<BR />victoria.tc.ca/techrev/rms.htm <A href="http://twitter.com/rslade" target="_blank">http://twitter.com/rslade</A><BR /><A href="http://blogs.securiteam.com/index.php/archives/author/p1/" target="_blank">http://blogs.securiteam.com/index.php/archives/author/p1/</A><BR /><A href="https://is.gd/RotlWB" target="_blank">https://is.gd/RotlWB</A> Tue, 14 May 2019 19:06:41 GMT https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22297#M2764 rslade 2019-05-14T19:06:41Z https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22299#M2765 <P>&gt; dcontesti (Community Champion) posted a new reply in Industry News on 05-14-2019</P><P>&nbsp;</P><P>&gt; And this surprises you?</P><P>&nbsp;</P><P>Not particularly. This seems to be a "developing" story: it isn't clear whether/how much this is being used "in the wild" (although it's intriguing to think that Shannon could be spying on us all <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P>According the (various) reports I've read, it's not even too clear who discovered/reported the vulnerability.</P><P>&nbsp;</P><P>And, of course, none of the reports I've read so far have noted that, even if you *do* upgrade, it's not the vulnerability that was being used to spy, but simply as an installation exploit. Which means that, even after upgrading to prevent infection, you still have to find some means of checking if you *have* been infected/compromised ...</P> Tue, 14 May 2019 19:15:23 GMT https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22299#M2765 rslade 2019-05-14T19:15:23Z https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22301#M2766 <P>&nbsp;</P><P>&nbsp;</P><BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1324864413">@rslade</a>&nbsp;wrote:<BR /><BR />Intriguing. (Particularly since you are in KSA ...)<BR /><HR /></BLOCKQUOTE><P>What's amusing is that WhatsApp calling is blocked by carriers here, at least most of the time.</P><P>&nbsp;</P><P>&nbsp;</P><BLOCKQUOTE>I'm showing version 2.19.134 (on Android). How does that compare?</BLOCKQUOTE><P>Yes, it's the same on mine --- and the latest on Google Play --- so we'll have to keep our fingers crossed...</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 14 May 2019 19:53:37 GMT https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22301#M2766 Shannon 2019-05-14T19:53:37Z https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22308#M2767 <P><A href="https://www.bbc.co.uk/news/technology-48262681" target="_blank">https://www.bbc.co.uk/news/technology-48262681</A></P><P>&nbsp;</P><P>The latest version of WhatsApp on Android is 2.19.134</P><P>&nbsp;</P><P>The latest version of WhatsApp on iOS is 2.19.51</P><P>&nbsp;</P> Tue, 14 May 2019 21:34:32 GMT https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22308#M2767 AlecTrevelyan 2019-05-14T21:34:32Z https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22313#M2769 <P>Indeed, no user interaction required, other than having your phone on.&nbsp;</P><P>&nbsp;</P><P>No details of the prevalence in the wild, but has been tracked in it's attack pattern as deliberate and targeted.&nbsp;</P><P>&nbsp;</P><P>It's relatively arbitrary to begin with, using an inherent buffer overflow technique within the VoIP stack of the application. The impressive part is the no-touch deployment, and the clean up so the trace is minimal.</P><P>&nbsp;</P><P>Very similar to the "Pegasus" strain seen at the beginning of the month. Not going to say where that particular piece has come from.&nbsp;</P><P>&nbsp;</P><P><span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 15 May 2019 08:23:20 GMT https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22313#M2769 HTCPCP-TEA 2019-05-15T08:23:20Z https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22314#M2770 <P>Some technical analysis of the issue/fix:</P><P>&nbsp;</P><P><A href="https://research.checkpoint.com/the-nso-whatsapp-vulnerability-this-is-how-it-happened/" target="_blank">https://research.checkpoint.com/the-nso-whatsapp-vulnerability-this-is-how-it-happened/</A></P><P>&nbsp;</P> Wed, 15 May 2019 08:32:14 GMT https://community.isc2.org/t5/Industry-News/Update-your-Whatsapp/m-p/22314#M2770 AlecTrevelyan 2019-05-15T08:32:14Z