Whatsapp is in series trouble regarding the security of its user’s data. The hackers have exploited its security by installing spyware just by making a missed call on the phone. As WhatsApp has a voice call feature in it, hackers easily used it for the purpose of accessing the data of its users. According to the Financial Times, the offender is Israel’s NSO Group that sells its own spyware package called Pegasus to governments around the world.
The malware could access a phone’s camera and microphone; see messages and whatever appears on the users’ screen besides other valuable data available on the phone. The incident has raised questions on the so-called end-to-end encryption Whatsapp relies on.
The vulnerability is identified as CVE-2019-3568. To launch the attack a hacker simply needs to send packets of data at the beginning a voice call. When the Smartphone receives these packets, an internal buffer within the app is forced to overflow which overwrites other parts of its memory and gives complete control of the messaging app to a hacker.
This does indeed sound like a freak incident, but at the heart of it seems to be a buffer overflow problem that is unfortunately not too uncommon these days,” says Bjoern Rupp, CEO of the German secure communication firm Crypto Phone.
This could potentially affect 1.5 billion users worldwide who use WhatsApp both on iOS and Android devices as both the operating systems are affected. This flaw has pointed out the security features of messaging apps in question.
On the other hand, Citizen Lab, a watchdog group at the University of Toronto which is investigating NSO Group’s activities, believes that the vulnerability was used to attack a UK-based human rights lawyer as recently as Sunday.
As more and more people are using smartphones for all their daily works cybersecurity becomes at most important for the companies and also the government.
Data can be used for a lot of different malpractices. It also encourages the terrorist to use it as a weapon for carrying out their terrorist activities.
Facebook, which acquired WhatsApp in 2014 for $21 billion, has a corporate mission “to give people the power to build community and bring the world closer together.” This new mission statement was implemented because of the data privacy and security issues involving Cambridge Analytica and other parties. In early 2017, the company’s corporate mission was “to give people the power to share and make the world more open and connected.”
Facebook has suffered a large number of security and privacy breaches in the last year, but this news that a government-grade intelligence collection application had targeted the company’s WhatsApp application is a totally different issue.
WhatsApp has discovered the vulnerability earlier this month and alerted the Department of Justice of the issue. The company has instructed all the users to update WhatsApp on both iOS and Android platforms to the latest version as soon as possible.