Tagged: WhatsApp

Whatsapp Buffer Overflow Vulnerability could be used to inject Surveillance Software into any Cell Phone

Facebook has posted a Security Advisory about a vulnerability in the WhatsApp as follows:

CVE-2019-3568

Description: A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.
Affected Versions: The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

Last Updated: 2019-05-13

Video is courtesy of the DW News YouTube channel

Facebook owns WhatsApp.  The vulnerability was found in early May of this year. The Hack allowed the installation of spyware on the Cell Phone being called even if the call was not answered by the Cell Phone owner. The software installed was allegedly the very powerful spyware named Pegasus.

Pegasus can gain full control over the phone. That, includes all of its contents and history. Pegasus also has the ability to activate its Cell Phone microphone and camera without the cell phone owner being aware of it.

Video is courtesy of the Lansweeper YouTube channel

The Israeli firm called the NSO Group is known for producing Pegasus. Their customer base is apparently government agencies around the globe.

The Citizen Lab website published a report of the extent of use of Pegaus Spyware around the globe. Click on this link to visit The Citizen Lab website and read their post titled: “HIDE AND SEEKTracking NSO Group’s Pegasus Spyware to Operations in 45 Countries“.

The United Kingdom’s National Cyber Security Centre has published today (May 14) suggestions for Cell Phone users. Click on this link to visit the UK’s National Security Centre to read their post titled: “NCSC advice following WhatsApp vulnerability Advice for users of WhatsApp following today’s vulnerability announcement“.

 

Posted by Vincent Banial