Are you a user of WhatsApp? If so, beware that a serious vulnerability in the application has been exploited. The flaw allowed hackers to compromise devices using a form of advanced spyware developed by Israeli company NSO Group.
The vulnerability is tracked under CVE-2019-3568, and was first reported by Financial Times.
CVE-2019-3568 Official description
The vulnerability is described as buffer overflow in WhatsApp VOIP stack. It allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.
The vulnerability affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
Apparently, CVE-2019-3568 was discovered earlier this month while the company was making security improvements.
Exploits based on the flaw happened by calling either a vulnerable iPhone or an Android device via the WhatsApp calling function. It should be mentioned that the calls didn’t need to be answered, and often disappeared from logs. Fortunately, the flaw was supposedly fixed.
Who is NSO Group? The company is the maker of Pegasus, an advanced spyware application that jailbreaks or roots infected devices enabling the spyware to go through private messages, activate the microphone and camera, and collect sensitive information.
It is curious to note that the Pegasus spyware has been used in fake tech support scams which claimed that the victims’ devices were infected with it.
As for the actual attack involving WhatsApp, according a company’s representative, a small number of users were targeted via CVE-2019-3568 by advanced attackers, ArsTechnica said.
“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the representative added without directly mentioning NSO Group. According to reports, one of the targets of the attack was a UK-based human rights lawyer whose device got compromised on Sunday.
CVE-2019-3568 Already Fixed
The buffer overflow vulnerability should now be fixed in a patch released on Monday. Here’s how to update WhatsApp according to your OS. WhatsApp has purportedly reported the attack to US law enforcement to help them with the investigation. As for NSO Group, it appears that the company is facing a challenge in Israeli court regarding the company’s ability to export its spyware.