cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Champion

Update your Whatsapp ...

Researchers have discovered a way for someone to install malware on your phone simply by placing a voice call to your Whatsapp app.  (From the sounds of things, you don't even have to answer.)

 

Whatsapp has issued a patch.

 

Various reports are stressing different aspects, but there is some speculation that NSO Group has been actively using the vulnerability to target specific individuals or groups.


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
8 Replies
Community Champion

Re: Update your Whatsapp ...

And this surprises you?

 


@rslade wrote:

Researchers have discovered a way for someone to install malware on your phone simply by placing a voice call to your Whatsapp app.  (From the sounds of things, you don't even have to answer.)

 

Whatsapp has issued a patch.

 

Various reports are stressing different aspects, but there is some speculation that NSO Group has been actively using the vulnerability to target specific individuals or groups.


 

Community Champion

Re: Update your Whatsapp ...

 

Yes, I was getting messages from friends about this today, but I could find no update since the last one I got a couple of weeks ago, so I suppose that took care of it.

 

Like @dcontesti said, we shouldn't be surprised...  Man Wink

 

 

 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
Highlighted
Community Champion

Re: Update your Whatsapp ...

> Shannon (Community Champion) posted a new reply in Industry News on 05-14-2019

>   Yes, I was getting messages from friends about this today, but I could find no
> update since the last one I got a couple of weeks ago, so I suppose that took
> care of it.

Intriguing. (Particularly since you are in KSA ...)

I'm showing version 2.19.134 (on Android). How does that compare?

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Ignorance is never out of style. It was in fashion yesterday,
it is the rage today, and it will set the pace tomorrow.
-- Franklin K. Dane
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Community Champion

Re: Update your Whatsapp ...

> dcontesti (Community Champion) posted a new reply in Industry News on 05-14-2019

 

> And this surprises you?

 

Not particularly. This seems to be a "developing" story: it isn't clear whether/how much this is being used "in the wild" (although it's intriguing to think that Shannon could be spying on us all :-)

 

According the (various) reports I've read, it's not even too clear who discovered/reported the vulnerability.

 

And, of course, none of the reports I've read so far have noted that, even if you *do* upgrade, it's not the vulnerability that was being used to spy, but simply as an installation exploit. Which means that, even after upgrading to prevent infection, you still have to find some means of checking if you *have* been infected/compromised ...


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Community Champion

Re: Update your Whatsapp ...

 

 


@rslade wrote:

Intriguing. (Particularly since you are in KSA ...)

What's amusing is that WhatsApp calling is blocked by carriers here, at least most of the time.

 

 

I'm showing version 2.19.134 (on Android). How does that compare?

Yes, it's the same on mine --- and the latest on Google Play --- so we'll have to keep our fingers crossed...

 

 

 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
Contributor III

Re: Update your Whatsapp ...

https://www.bbc.co.uk/news/technology-48262681

 

The latest version of WhatsApp on Android is 2.19.134

 

The latest version of WhatsApp on iOS is 2.19.51

 

Contributor I

Re: Update your Whatsapp ...

Indeed, no user interaction required, other than having your phone on. 

 

No details of the prevalence in the wild, but has been tracked in it's attack pattern as deliberate and targeted. 

 

It's relatively arbitrary to begin with, using an inherent buffer overflow technique within the VoIP stack of the application. The impressive part is the no-touch deployment, and the clean up so the trace is minimal.

 

Very similar to the "Pegasus" strain seen at the beginning of the month. Not going to say where that particular piece has come from. 

 

Smiley Happy

Contributor III

Re: Update your Whatsapp ...