WhatsApp has urged its users to update the app to the latest version – Android – 2.19.143, iOS – 2.19.51 after getting hacked. According to reliable reports, the cyber attack targeted human rights defenders, activists, lawyers and journalists. But the Facebook-owned firm has gone on to inform all its 1.5 billion users to upgrade the app as a precaution measure.
How the Hacking was Discovered
A London-based lawyer was the first to suspect the attack after he started missing WhatsApp video calls. He contacted Citizen Lab who started to look into the situation, but WhatsApp engineers were first to discover an abnormal voice calling activity on the system. The messaging service firm then informed the Justice Department, human rights bodies and other organizations of the threat as they worked on a solution.
How the Attack Happened
The hacker targeted a buffer overflow vulnerability in WhatsApp VoIP (Voice over Internet Protocol) stack to execute a remote code via specially crafted series of SRTCP (Secure Real-Time Transport Control Protocol) packets sent to a target phone number.
With the help of the code, the attacker could use an initial process in the VoIP to dial up and establish a call on the Android or iOS phone. After the call goes through, the hack would install a surveillance software, or simply spyware, and also delete the call log. The software would then enable the attacker to access personal data on that particular device.
But Who is the Hacker?
According to a leading news channel, the NSO Group is responsible for the attack. The cyber-security and intelligence company has however denied any involvement in the attack. It has argued that it can’t operate or identify targets of its technology which is solely under intelligence and law enforcement agencies. It also argued that it can’t use its technology in its own right to target any person or organization.
But according to a WhatsApp spokesman, the attack had all the hallmarks of the NSO Group which works with governments on surveillance. It mainly delivers spyware and other tools that take over the functions of mobile phone operating system.
WhatsApp Solution to the Attack
As mentioned above, WhatsApp engineers have already patched the vulnerability and released a new version of the app. In addition to urging you to upgrade the app, the firm also wants you to update your mobile operating system to protect against cyber attacks on your device.
Loved our post? Well, subscribe for more on the subscription section!