Major WhatsApp Spyware Vulnerability Revealed

A major WhatsApp security vulnerability emerged Sunday. The loophole allowed hackers to inject spyware via voice calls made on the popular messaging app on both iPhones and Android devices (via Financial Times).

Malicious Code Via WhatsApp Voice Calls

Hackers could transmit spyware even if a user did not answer the voice call. WhatsApp discovered the vulnerability earlier this month. Engineers in both San Francisco and London worked to close the loophole in the application.

Facebook bought WhatsApp in 2014. The messaging app now has 1.5 billion users. It has always put a large focus on privacy. The company said:

This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society.

A security advisory issued by the parent company said:

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.

The advisory confirmed that the issue affected versions of WhatsApp for iOS prior to v2.19.51. It also affected WhatsApp Business for iOS prior to v2.19.51. On Friday, the company started rolling out updates.

Code Created by Israeli Firm

Israeli firm NSO developed the malicious code. There is a concern that journalists and human rights advocates, amongst others, could be put at risk by it. The company said that “under no circumstances would [it] be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.”
