The malicious software was injected into users' phones through WhatsApp voice calls, regardless of whether the user answered the call. In some cases, these calls vanished from the call logs, leaving the targeted users unaware of the attack. The spyware may have allowed an attacker to read messages on the affected device.
Facebook, which owns WhatsApp, published an advisory to security specialists yesterday, describing the attack as, “A buffer overflow vulnerability in WhatsApp VOIP stack that allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.”
What steps have been taken by WhatsApp?
WhatsApp engineers worked through Sunday before deploying a patch for its 1.5 billion customers yesterday and urging them to update their app as an added precaution. The Financial Times reported, “WhatsApp said that teams of engineers had worked around the clock in San Francisco and London to close the vulnerability. It began rolling out a fix to its servers on Friday last week, WhatsApp said, and issued a patch for customers on Monday.”
Few details about the vulnerability or the impact of the attack have been revealed so far, as WhatsApp is still in the early stages of its investigation. Reportedly, the company disclosed the attack to the United States Department of Justice last week.
WhatsApp in a statement shared on Monday said, “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.”
Who was behind this attack?
According to the Financial Times, this malicious software was developed by NSO Group, which is headquartered in the Israeli city of Herzliya. While the company tries to keep its work under wraps, it has been accused of selling its flagship software Pegasus to Saudi Arabia and the UAE. It also licenses Pegasus to intelligence and law enforcement agencies worldwide.
The NSO Group in its defense shared a statement:
“NSO’s technology is licensed to authorized government agencies for the sole purpose of fighting crime and terror.
“The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.
“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organization.”
Human rights advocates against NSO Group
NSO Group does not have a good reputation with human rights organizations and groups. Its software has been linked to human rights abuses, unethical surveillance, and also to the gruesome murder of the Saudi Arabian critic Jamal Khashoggi.
Back in 2016, Citizen Lab and Lookout Mobile Security revealed that the company exploited three unpatched iOS vulnerabilities, also known as zero-days, to jailbreak users' phones. This allowed the installation of Pegasus on those phones, which is capable of reading texts, tracking calls, collecting passwords, tracking location, and gathering information from apps.
Yesterday, human rights advocates, along with Amnesty International, shared their plans to file a petition against NSO Group. They are taking the Israeli Ministry of Defence (MoD) to court demanding the revocation of the mobile spyware vendor’s export license. This decision comes after an Amnesty International researcher was targeted by the company’s Pegasus surveillance software.
Amnesty International wrote in a post, “In a petition to be filed tomorrow at the District Court of Tel Aviv, approximately 30 members and supporters of Amnesty International Israel and others from the human rights community set out how the MoD has put human rights at risk by allowing NSO to continue exporting its products.”
For more details, see the report by the Financial Times.