WhatsApp Hack Comment

Daniel Follenfant

Senior Manager at NTT Security

15.05.2019 08:30 am

The hacking of WhatsApp’s messaging service is a classic example of a buffer overflow attack.

Buffer overflows aren’t new, but you don’t often see them these days and this attack is particularly clever because it uses this flaw to gain access to a phone without the user even answering.

In its simplest form, a buffer overflow is a way of writing code to an area of the application's memory where it will then be executed. The WhatsApp exploitation echoes the classic buffer overflow attack, but in a more sophisticated form. To carry it out, the attacker had to deceive the receiver by making a call and then sending packets of data during the call. Once the packet transfer is complete, the packet execution forces WhatsApp's internal buffer to overflow, overwriting the app's security and allowing surveillance of encrypted chats, eavesdropping on calls and the microphone, and control of the camera.

There is nothing you can do about this; it is a design flaw, and WhatsApp has quickly addressed the problem by releasing a patch for applications already running. The new versions do not appear to be susceptible.

Our advice to users is to check that you are not running a susceptible application by checking the version number you are running: “The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.” If you are unable to locate the version or are worried, then back up your messages, completely remove WhatsApp and reinstall the latest version from the relevant app store.
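For anyone checking more than one handset, the version check above can be scripted against a device inventory; this is an added example, not part of the original comment. The fixed-version thresholds are the ones quoted above, while the lookup keys, function names and inventory rows are constructed for illustration.

```python
# Fixed-in versions as quoted in the advisory text above.
# Keys (app name, platform) are an assumed naming scheme for this example.
FIXED_IN = {
    ("whatsapp", "android"): "2.19.134",
    ("whatsapp business", "android"): "2.19.44",
    ("whatsapp", "ios"): "2.19.51",
    ("whatsapp business", "ios"): "2.19.51",
    ("whatsapp", "windows phone"): "2.18.348",
    ("whatsapp", "tizen"): "2.18.15",
}

def parse_version(text):
    """Turn 'v2.19.44' into (2, 19, 44); raise ValueError if not dotted digits."""
    parts = text.strip().lstrip("vV").split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def status(app, platform, installed):
    """Return 'vulnerable', 'patched' or 'unknown' for one inventory row."""
    fixed = FIXED_IN.get((app.strip().lower(), platform.strip().lower()))
    if fixed is None:
        return "unknown"          # platform/app not covered by the advisory
    try:
        have, need = parse_version(installed), parse_version(fixed)
    except ValueError:
        return "unknown"          # unreadable version: needs a manual check
    # Pad to equal length so '2.19' compares as '2.19.0'.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    # Numeric tuple comparison: as plain strings, '2.19.44' would sort
    # above '2.19.134' and a vulnerable build would be reported as patched.
    return "vulnerable" if have < need else "patched"

# Constructed sample rows: (device, app, platform, installed version)
INVENTORY = [
    ("phone-01", "WhatsApp", "Android", "2.19.44"),
    ("phone-02", "WhatsApp", "Android", "2.19.134"),
    ("phone-03", "WhatsApp Business", "Android", "2.19.44"),
    ("phone-04", "WhatsApp", "iOS", "v2.19.6"),
    ("phone-05", "WhatsApp", "Tizen", "not reported"),
]

def audit(rows):
    """Map each device to its status."""
    return {dev: status(app, plat, ver) for dev, app, plat, ver in rows}

if __name__ == "__main__":
    for device, result in audit(INVENTORY).items():
        print(device, result)
```

Devices reported as `unknown` fall under the reinstall advice above, since their version could not be confirmed.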

This was a very coordinated attack developed by NSO Group, which in the past has been able to breach phone security with its famous Pegasus spyware, and we urge all users to update their WhatsApp application.
