WhatsApp Hack Comment

Daniel Follenfant

Senior Manager at NTT Security

15.05.2019 08:30 am

The hacking of WhatsApp’s messaging service is a classic example of a buffer overflow attack.

Buffer overflows aren’t new, but you don’t often see them these days, and this attack is particularly clever because it uses this flaw to gain access to a phone without the user even answering.

In its simplest form, a buffer overflow is a way of writing code to an area of the application's memory that will then be executed. The WhatsApp exploitation echoes the classic buffer overflow attack but is more sophisticated. To carry this out, the attacker had to deceive the receiver by making a call and then sending packets of data during the process of the call. Once the packet transfer is complete, the packet execution forces WhatsApp's internal buffer to overflow, overwriting the app's security and allowing the attacker to surveil encrypted chats, eavesdrop on calls and the microphone, and control the camera.

There is nothing you can do about this; it is a design flaw, and WhatsApp has quickly addressed the problem by releasing a patch for applications already running. The new versions do not appear to be susceptible.

Our advice to users is to check that you are not running a susceptible application by checking the version number you are running: “The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.” If you are unable to locate the version or are worried, then back up your messages, completely remove WhatsApp and reinstall the latest version from the relevant App Store.

This was a very coordinated attack developed by NSO Group, which in the past has been able to breach phone security with its famous Pegasus spyware, and we urge all users to update their WhatsApp application.
