Saturday December 14, 2019
Home Lead Story WhatsApp Brea...

WhatsApp Breach Has Huge Privacy Implications, Say Experts

The spyware developed by the NSO Group had the capability to attack both Android and iOS devices

0
//
whatsapp, paytm, UPI-based Pay service
FILE - The WhatsApp app logo is seen on a smartphone in this picture illustration. VOA

The victims of the latest WhatsApp spyware attack may have lost important personal information including location data and email content, say experts.

A bug in the Facebook-owned messaging app’s audio call feature allowed hackers to install spyware onto Android and iOS phones just by calling the target.

The spyware was reportedly developed by the Israeli cyber intelligence company NSO Group.

“The bug can be exploited based on a decades-old type of vulnerability – a buffer overflow,” Carl Leonard, Principle Security Analyst at cybersecurity company Forcepoint, said in a statement on Wednesday.

“While no details of the actions taken by this malware have emerged, one could assume that an attacker may seek out bulk contact lists, email data, location data or other personal information,” Leonard said.

WhatsApp has not yet shared much details on the nature of the attack and its implications, but it said it had provided information to the US law enforcement to help them conduct an investigation.

“We are early in our investigation and we don’t have numbers to share though this is a relatively small amount of people,” said WhatsApp, while urging its 1.5 billion users to update the app.

The company did not immediately share how the attack impacted users in India.

“Unbeknownst to the victims, the attackers obtained complete access to everything on the their mobile devices: personal and corporate information, email, contacts, camera, microphone, and the individual’s location,” Brian Gleeson, Mobile Product Marketing Manager at Check Point Software Technologies Ltd. wrote in a blog post on Tuesday.

WhatsApp, however, said that earlier this month, it identified and “promptly” fixed the vulnerability that could enable an attacker to insert and execute code on mobile devices.

WhatsApp
WhatsApp on a smartphone device.

The spyware developed by the NSO Group had the capability to attack both Android and iOS devices.

In fact, according to a report in the Financial Times, the secretive Israeli company called in its sales people last month to talk about its software that can even breach the privacy of iPhone users.

The executives from the NSO Group made a claim that it had figured out a way to “drop its payload”, a piece of software called Pegasus that can penetrate the darkest secrets of any iPhone, using just one simple missed call on WhatsApp, said the report citing one unnamed person at the meeting.

The phone starts revealing its encrypted content shortly after the missed call.

“It then transmits back the most intimate details such as private messages or location, and even turns on the camera and microphone to live-stream meetings,” said the report.

Also Read- Apple Starts Rolling out its TV App in Over 100 Countries

While the software itself is not new, the WhatsApp hack was an enticing new “attack vector”, the person was quoted as saying.

“The WhatsApp hack illustrates that despite their best efforts, Apple and Google cannot completely secure the users of mobile devices running their operating systems,” Gleeson of Check Point said.

“In order to ensure users are properly protected, a mobile threat defence solution must be in place that can prevent spyware from gathering intelligence on their targets,” he added. (IANS)

Next Story

WhatsApp to Take Legal Action Against Businesses Engaged in Abusing Bulk Messaging

"We will continue to provide capabilities to help businesses communicate with their customers," said WhatsApp

0
WhatsApp
WhatsApp on a smartphone device. Pixabay

WhatsApp will take legal action against businesses engaged in or assisting others in abusing automated or bulk messaging on its platform.

The company has built two tools — the WhatsApp Business app and the WhatsApp Business API — to help companies manage customer interactions.

The company said that its products are not intended for bulk or automated messaging, both of which have always been a violation of its terms of service.

“WhatsApp will take legal action against those we determine are engaged in or assisting others in abuse that violates our terms of service, such as automated or bulk messaging, or non-personal use, even if that determination is based on information solely available to us off our platform,” the Facebook-owned platform said in a statement.

For example, off-platform information includes public claims from companies about their ability to use WhatsApp in ways that violate its terms.

whatsapp, paytm, UPI-based Pay service
FILE – The WhatsApp app logo is seen on a smartphone in this picture illustration. VOA

“This serves as notice that we will take legal action against companies for which we only have off-platform evidence of abuse if that abuse continues beyond December 7, 2019, or if those companies are linked to on-platform evidence of abuse before that date,” said WhatsApp.

The platform, on an average, bans over two million accounts per month for bulk or automated behaviour and over 75 per cent of those accounts did not have any recent user reports.

An account that registered five minutes before attempting to send 100 messages in 15 seconds is almost certain to be engaged in abuse, as is an account that attempts to quickly create dozens of groups or add thousands of users to a series of existing groups.

Also Read: Apple Brings iOS, iPadOS 13.3 with a Host of Bug Fixes and Improvements

“Using the on-platform information available within WhatsApp, we’ve found and stopped millions of abusive accounts from operating on our service,” it said.

In addition to technological enforcement, said WhatsApp, it also takes legal action against individuals or companies that it links to on-platform evidence of such abuse.

“We will continue to provide capabilities to help businesses communicate with their customers,” said WhatsApp. (IANS)