• Daniel Follenfant, Senior Manager at NTT Security


• 15.05.2019 08:30 am
security

The hacking of WhatsApp’s messaging service is a classic example of a Buffer overflow attack.

Buffer overflows aren’t new, but you don’t often see them these days and this attack is particularly clever because it uses this flaw to gain access to a phone without the user even answering.

In its simplest form Buffer overflows are a way of writing code to an area of the application in memory that will then be executed. The WhatsApp exploitation resonates the classic but more sophisticated buffer flow attack. To carry this out the attacker had to deceive the receiver by making a call and then send the sending packets of data during the process of the call- once the packers transfer are complete; the packet execution forces what’s app internal buffer to overflow, overwriting the apps security and allows  surveillance capability on encrypted chat, eaves drop on calls and microphone and control the camera.

There is nothing you can do about this; it is a design flaw and WhatsApp has quickly addressed the problem by releasing a patch for applications already running and the new versions do not appear to be susceptible. 

Our advice to users is to check that you are not running a susceptible application by checking the version number running “The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15. If you are unable to locate the version or are worried then backup your messages, completely remove WhatsApp and reinstall from the latest version on the relevant App Store.

This was a very coordinated attack developed by NSO group who in the past have been able to breach phone security with its famous Spyware Pegasus software and we urge all users to update their WhatsApp application.