A spyware installed example is also found where a vulnerability that allows a single phone call to the chat app WhatsApp to be exploited is discovered


haberlernet NET

Facebook announced that its chat app ' WhatsApp ' has found a vulnerability that allows remote control of smartphones. The latest version of 'WhatsApp', which has already been distributed for iOS and Android, says that the vulnerability has been fixed, but it has been around for about half a month since the beginning of May 2019 when this vulnerability was first discovered. The world's 1.5 billion smartphones using WhatsApp are at risk.

Facebook CVE-2019-3568

WhatsApp voice calls used to inject Israeli spyware on phones | Financial Times

How Hackers broke WhatsApp With Just a Phone Call | WIRED

According to Facebook's announcement, the flaws found this time point to a vulnerability in VoIP , the voice communication protocol that WhatsApp uses for calls. Facebook is prompt for app users because the Android version of the WhatsApp earlier than '2.19.134' and the iOS version earlier than '2.19.51' contains this vulnerability. We are calling for an update to take place.



The VoIP bug discovered this time is a very common one called buffer overflow , which allows hackers to crash the system of the smartphone or execute arbitrary code with remote access by exploiting it. something like. According to the Financial Times, which first reported the problem, the attack can be carried out simply by making a phone call to the targeted smartphone, and a spyware called ' Pegasus ' actually used to kill journalists in Mexico is a British lawyer. There was also a report that it was going to be installed in the portable terminal which it has.

by master1305

The attack is effective even if the target does not respond to the phone, and it is possible to delete the incoming call history, so it is almost impossible for the target person of the attack to notice it. However, according to American news media ' WIRED ' writer Lily Hay Newman, the target of attacks due to the defect found this time is concentrated on political activists who are operating around the world, and most WhatsApp It is said that the user was not in danger.

Meanwhile, Björn Rupp, CEO of the German carrier CryptoPhone , affirms WhatsApp, 'It's not an app designed with security in mind.' 'The WhatsApp has a particularly complex connection protocol, leaving a lot of room for errors and failures,' said Dr. Karsten Noll, chief researcher at Security Research Labs , a German security company, and similar risks remain. It shows the view that it is left.

in Mobile,   Security, Posted by log1l_ks