WhatsApp Hack Comment

Daniel Follenfant

Senior Manager at NTT Security

15.05.2019 08:30 am

The hacking of WhatsApp’s messaging service is a classic example of a buffer overflow attack.

Buffer overflows aren’t new, but you don’t often see them these days, and this attack is particularly clever because it uses the flaw to gain access to a phone without the user even answering.

In its simplest form, a buffer overflow is a way of writing code to an area of the application's memory where it will then be executed. The WhatsApp exploitation echoes the classic buffer overflow attack, but in a more sophisticated form. To carry it out, the attacker had to deceive the receiver by making a call and then sending packets of data during the call. Once the packet transfer is complete, processing the packets forces WhatsApp's internal buffer to overflow, overwriting the app's security and allowing surveillance of encrypted chats, eavesdropping on calls and the microphone, and control of the camera.

There is nothing you can do about this; it is a design flaw, and WhatsApp has quickly addressed the problem by releasing a patch for applications already running. The new versions do not appear to be susceptible.

Our advice to users is to check that you are not running a susceptible application by checking the version number you are running: “The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.” If you are unable to locate the version or are worried, then back up your messages, completely remove WhatsApp and reinstall the latest version from the relevant app store.
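For anyone checking more than one device, the version check above can be scripted. The following is an added example, not part of the original comment or any WhatsApp tooling; the inventory rows and the app and platform labels are constructed for illustration, and the thresholds are the ones quoted above.

```python
import re

# First non-affected version per build, taken from the advisory text quoted above.
FIXED = {
    ("whatsapp", "android"): (2, 19, 134),
    ("whatsapp business", "android"): (2, 19, 44),
    ("whatsapp", "ios"): (2, 19, 51),
    ("whatsapp business", "ios"): (2, 19, 51),
    ("whatsapp", "windows phone"): (2, 18, 348),
    ("whatsapp", "tizen"): (2, 18, 15),
}

def parse_version(text):
    """Return the version as a tuple of ints, or None if it cannot be read."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", (text or "").strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def assess(app, platform, version):
    """Classify one install as 'affected', 'patched' or 'unknown'."""
    fixed = FIXED.get((app.strip().lower(), platform.strip().lower()))
    found = parse_version(version)
    if fixed is None or found is None:
        # Same handling as "unable to locate the version": back up and reinstall.
        return "unknown"
    # Compare numerically, component by component. A plain string comparison
    # would rank "2.19.98" above "2.19.134" and miss an affected install.
    width = max(len(fixed), len(found))
    pad = lambda v: v + (0,) * (width - len(v))
    return "affected" if pad(found) < pad(fixed) else "patched"

# Constructed inventory rows (app, platform, reported version); not real data.
INVENTORY = [
    ("WhatsApp", "Android", "2.19.98"),
    ("WhatsApp", "Android", "v2.19.134"),
    ("WhatsApp Business", "iOS", "2.19.50"),
    ("WhatsApp", "Windows Phone", "2.18.348"),
    ("WhatsApp", "Tizen", ""),
]

def report(rows):
    """Return each inventory row with its classification appended."""
    return [(app, plat, ver, assess(app, plat, ver)) for app, plat, ver in rows]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print(*row, sep="\t")
```
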

This was a very coordinated attack developed by NSO Group, which in the past has been able to breach phone security with its famous Pegasus spyware, and we urge all users to update their WhatsApp application.
