|
|
[br]
[br][br][br]WhatsApp users have been affected by spyware, which can turn on their phone’s camera and microphone as well as collect location data, reported Financial Times. The flagship software called Pegasus by a private Israeli company NSO Group is said to have taken advantage of WhatsApp’s voice call function to carry out the attack.[br][br]WhatsApp is reportedly in its early stages of investigation and the exact number of users who have been affected is unclear at this point. The Facebook-owned company issued an advisory earlier this week asking its users to update the app. It has also rolled out a security patch to fix the issue.[br][br]We explain how WhatsApp’s voice call vulnerability was used to launch the attack, who was behind it, and what should you do:[br][br]WhatsApp spyware attack: What is it?[br][br]The phones of WhatsApp users have been reportedly targeted with spyware that can be potentially used to spy on users. The software can turn on a phone’s camera and microphone without the user knowing about it and also collect location data. As per the FT report, NSO Group’s flagship Pegasus programme can trawl through emails and messages as well.[br][br][br]WhatsApp spyware attack: How was the attack carried out?[br][br]The spyware seems to have taken advantage of WhatsApp’s microphone functionality. The attackers could simply call a user to install the surveillance software, even when the call was not picked up. The report adds that the call would sometimes not even show up in a user’s call log.[br][br]WhatsApp spyware attack: Who is behind the software used?[br][br]According to the Financial Times report, the software is created by Israeli firm NSO Group, which has meanwhile denied its direct involvement in the WhatsApp attack. The firm said its software is operated by intelligence and law enforcement agencies.[br][br]
[br][br][br]WhatsApp has advised its users to update the app.[br]“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” the company said in a statement to FT. It added that it could not use its own technology to target any person or organisation.[br][br]WhatsApp spyware attack: Has WhatsApp released a fix?[br][br]WhatsApp issued a security advisory last week informing users of the attack. The company has also asked its users to update the app. “A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number,” WhatsApp said.[br][br]The company issued a patch on Monday and is said to be working around the clock to close the vulnerability. Last week, on Friday, WhatsApp also started to release a fix for its servers.[br][br]“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” WhatsApp said. The Facebook-owned company has also reportedly briefed human rights organisations as well to work with them to inform civil society.[br][br]WhatsApp spyware attack: Who is affected and what should you do?[br][br]WhatsApp has advised its users to update the app. WhatsApp said in a statement to BBC that the attack targeted a “select number” of users, though an exact number is yet to be revealed.[br][br]The issue seems to affect Android prior to version 2.19.134 and WhatsApp Business for Android prior to version 2.19.44. For iOS, WhatsApp prior to version 2.19.51 and WhatsApp Business prior to version 2.19.51 have been affected. WhatsApp for Windows Phone prior to version 2.18.348, and WhatsApp for Tizen prior to version 2.18.15 devices have been affected as well. |
|
发表于 2019-05-14 15:43:51
收藏
Like
Stick Card
Jack
