A zero-day vulnerability tracked as “CVE-2019-3568” had been lurking deep inside WhatsApp’s code for quite a while. The flaw is a buffer overflow that allows remote code execution via a specially crafted series of SRTCP packets sent to the targeted victim. The only information the attacker needs in order to carry out the attack is the victim’s phone number. Unfortunately, the first to discover this vulnerability were black-hat hackers, and they used it to install the powerful NSO Pegasus spyware on the victims’ devices.
NSO Group Technologies is an Israeli company that focuses on surveillance solutions and cyber intelligence products. Long story short, they are the company that makes the most advanced smartphone spyware products on the planet. The Pegasus spyware is one of those tools that have leaked outside NSO’s network and is now bought and used by anyone in the wild. The tool is very sneaky, so the people who have received it via a WhatsApp call will probably not notice anything weird with their device. The scary part is that the victims wouldn’t even have to answer the call in order to have Pegasus installed on their devices.
If you try to find the call in WhatsApp’s call history, you’ll see nothing in the logs, as Pegasus wipes that entry. The spyware is able to collect all kinds of data from the infected device, such as SMS, emails, WhatsApp messages, contacts, call records, and GPS coordinates, and can even stealthily activate the camera and microphone.
While no details about the number of people who got targeted have been given out yet, the official statement from WhatsApp is that the infection attempts have been successfully blocked. As the Canadian watchdog organization “Citizen Lab” pointed out via a tweet, the malicious actors were not just randomly going after WhatsApp users, but aimed at specific categories such as human rights and freedom of speech activists. As expected, we have seen this type of targeting before, attributed mainly to government agents.
WhatsApp has just pushed out updates to close a vulnerability. We believe an attacker tried (and was blocked by WhatsApp) to exploit it as recently as yesterday to target a human rights lawyer. Now is a great time to update your WhatsApp software https://t.co/pJvjFMy2aw https://t.co/e8VQUraZWQ
— Citizen Lab (@citizenlab) May 13, 2019
The security flaw has been fixed, and you should update your WhatsApp application immediately. The vulnerability affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
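To apply the version list above across many devices, the following added example (not from the original article) flags installs older than the fixed versions; the CSV inventory format, device names and function names are assumptions made for illustration. It compares version components as numbers, because a plain string comparison would rank 2.19.51 above 2.19.134 and miss a vulnerable Android install.

```python
import csv
import io

# First fixed versions, taken from the version list in the article above.
FIXED = {
    "WhatsApp for Android": "2.19.134",
    "WhatsApp Business for Android": "2.19.44",
    "WhatsApp for iOS": "2.19.51",
    "WhatsApp Business for iOS": "2.19.51",
    "WhatsApp for Windows Phone": "2.18.348",
    "WhatsApp for Tizen": "2.18.15",
}

def parse_version(text):
    """Turn 'v2.19.51' into (2, 19, 51) so components compare as numbers."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))

def is_vulnerable(product, version):
    """True if version predates the fix; None if product or version is unknown."""
    fixed = FIXED.get(product)
    if fixed is None:
        return None
    try:
        installed = parse_version(version)
    except ValueError:
        return None  # unparseable version string: needs manual review
    return installed < parse_version(fixed)

def audit(inventory_csv):
    """Return (device, product, version, action) for rows needing attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        verdict = is_vulnerable(row["product"], row["version"])
        if verdict is None or verdict:
            action = "update" if verdict else "review"
            findings.append((row["device"], row["product"], row["version"], action))
    return findings

# Constructed sample inventory (hypothetical export format, not real data).
SAMPLE = """device,product,version
phone-01,WhatsApp for Android,2.19.51
phone-02,WhatsApp for Android,2.19.134
phone-03,WhatsApp for iOS,2.19.51
phone-04,WhatsApp Business for Android,2.19.9
phone-05,WhatsApp for Tizen,2.18.15-beta
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```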