cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

Update your Whatsapp ...

Researchers have discovered a way for someone to install malware on your phone simply by placing a voice call to your Whatsapp app.  (From the sounds of things, you don't even have to answer.)

 

Whatsapp has issued a patch.

 

Various reports are stressing different aspects, but there is some speculation that NSO Group has been actively using the vulnerability to target specific individuals or groups.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
8 Replies
dcontesti
Community Champion

And this surprises you?

 


@rslade wrote:

Researchers have discovered a way for someone to install malware on your phone simply by placing a voice call to your Whatsapp app.  (From the sounds of things, you don't even have to answer.)

 

Whatsapp has issued a patch.

 

Various reports are stressing different aspects, but there is some speculation that NSO Group has been actively using the vulnerability to target specific individuals or groups.


 

Shannon
Community Champion

 

Yes, I was getting messages from friends about this today, but I could find no update since the last one I got a couple of weeks ago, so I suppose that took care of it.

 

Like @dcontesti said, we shouldn't be surprised...  Man Wink

 

 

 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
rslade
Influencer II

> Shannon (Community Champion) posted a new reply in Industry News on 05-14-2019

>   Yes, I was getting messages from friends about this today, but I could find no
> update since the last one I got a couple of weeks ago, so I suppose that took
> care of it.

Intriguing. (Particularly since you are in KSA ...)

I'm showing version 2.19.134 (on Android). How does that compare?

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Ignorance is never out of style. It was in fashion yesterday,
it is the rage today, and it will set the pace tomorrow.
-- Franklin K. Dane
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
rslade
Influencer II

> dcontesti (Community Champion) posted a new reply in Industry News on 05-14-2019

 

> And this surprises you?

 

Not particularly. This seems to be a "developing" story: it isn't clear whether/how much this is being used "in the wild" (although it's intriguing to think that Shannon could be spying on us all 🙂

 

According the (various) reports I've read, it's not even too clear who discovered/reported the vulnerability.

 

And, of course, none of the reports I've read so far have noted that, even if you *do* upgrade, it's not the vulnerability that was being used to spy, but simply as an installation exploit. Which means that, even after upgrading to prevent infection, you still have to find some means of checking if you *have* been infected/compromised ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Shannon
Community Champion

 

 


@rslade wrote:

Intriguing. (Particularly since you are in KSA ...)

What's amusing is that WhatsApp calling is blocked by carriers here, at least most of the time.

 

 

I'm showing version 2.19.134 (on Android). How does that compare?

Yes, it's the same on mine --- and the latest on Google Play --- so we'll have to keep our fingers crossed...

 

 

 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
AlecTrevelyan
Community Champion

https://www.bbc.co.uk/news/technology-48262681

 

The latest version of WhatsApp on Android is 2.19.134

 

The latest version of WhatsApp on iOS is 2.19.51

 

HTCPCP-TEA
Contributor I

Indeed, no user interaction required, other than having your phone on. 

 

No details of the prevalence in the wild, but has been tracked in it's attack pattern as deliberate and targeted. 

 

It's relatively arbitrary to begin with, using an inherent buffer overflow technique within the VoIP stack of the application. The impressive part is the no-touch deployment, and the clean up so the trace is minimal.

 

Very similar to the "Pegasus" strain seen at the beginning of the month. Not going to say where that particular piece has come from. 

 

🙂

AlecTrevelyan
Community Champion