WhatsApp voice calls used to inject Israeli spyware on phones

MenInG

Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed.

WhatsApp, which is owned by Facebook, said the attack targeted a "select number" of users, and was orchestrated by "an advanced cyber actor".

A fix was rolled out on Friday.

The attack was developed by Israeli security firm NSO Group, according to a report in the Financial Times.

On Monday WhatsApp urged all of its 1.5bn users to update their apps as an added precaution.

The attack was first discovered earlier this month.

How was the security flaw used?
It involved attackers using WhatsApp's voice calling function to ring a target's device. Even if the call was not picked up, the surveillance software would be installed, and, the FT reported, the call would often disappear from the device's call log.

WhatsApp told the BBC its security team was the first to identify the flaw, and shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.

"The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems," the company said on Monday in a briefing document note for journalists.

The firm also published an advisory to security specialists, in which it described the flaw as: "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number."

Who is behind the software?
The NSO Group is an Israeli company that has been referred to in the past as a "cyber arms dealer".

Its flagship software, Pegasus, has the ability to collect intimate data from a target device, including capturing data through the microphone and camera, and gathering location data.

In a statement, the group said: "NSO's technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.

"The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.

"Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organisation."

Who has been targeted?
WhatsApp said it was too early to know how many users had been affected by the vulnerability, although it added that suspected attacks were highly-targeted.

Amnesty International, which said it had been targeted by tools created by the NSO Group in the past, said this attack was one human rights groups had long feared was possible.

"They're able to infect your phone without you actually taking an action," said Danna Ingleton, deputy programme director for Amnesty Tech. She said there was mounting evidence that the tools were being used by regimes to keep prominent activists and journalists under surveillance.

"There needs to be some accountability for this, it can't just continue to be a wild west, secretive industry."

On Tuesday, a Tel Aviv court will hear a petition led by Amnesty International that calls for Israel's Ministry of Defence to revoke the NSO Group's licence to export its products.

https://www.bbc.com/news/technology-48262681
 
WhatsApp voice calls used to inject Israeli spyware, FT reports

A vulnerability in WhatsApp has allowed attackers to inject commercial Israeli spyware on phones, the Financial Times reported, citing the messaging app company and a spyware technology dealer.

WhatsApp discovered in early May that attackers were able to install surveillance software on to iPhones and Android phones by calling up targets using the app's call function, the FT said in an article on May 13.

The malicious code is developed by the secretive Israeli company NSO Group and can be transmitted to users even if they did not answer their phones, with the calls often disappearing from the call log, according to the spyware dealer who was briefed on the WhatsApp hack.

WhatsApp is in the midst of its own investigation into the vulnerability but the inquiry is in too early stages to estimate how many phone users were targeted, the FT said, citing a source.

WhatsApp engineers raced to close the loophole as late as Sunday, working round the clock in San Francisco and London, and the company began rolling out a fix to its servers on Friday last week, WhatsApp said.

WhatsApp notified the US Department of Justice last week of the issue. A justice department spokesman declined to comment to the newspaper.

Asked about the WhatsApp attacks, NSO said it was investigating the issue.

"Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies," the company said in a statement to the FT.

"NSO would not, or could not, use its technology in its own right to target any person or organisation."

https://www.thenational.ae/business...to-inject-israeli-spyware-ft-reports-1.861156
 
Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed.

WhatsApp, which is owned by Facebook, said the attack targeted a "select number" of users and was orchestrated by "an advanced cyber-actor".

A fix was rolled out on Friday.

On Monday, WhatsApp urged all of its 1.5 billion users to update their apps as an added precaution.

The surveillance software involved was developed by Israeli firm NSO Group, according to a report in the Financial Times.

Facebook first discovered the flaw in WhatsApp earlier in May.

WhatsApp promotes itself as a "secure" communications app because messages are end-to-end encrypted, meaning they should only be displayed in a legible form on the sender or recipient's device.

However, the surveillance software would have let an attacker read the messages on the target's device.

Some users of the app have questioned why the app store notes associated with the latest update are not explicit about the fix.


"Journalists, lawyers, activists and human rights defenders" are most likely to have been targeted, said Ahmed Zidan from the non-profit Committee to Protect Journalists.

If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
The latest version of WhatsApp on Android is 2.19.134
iOS

Open the App Store
At the bottom of the screen, tap Updates
If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
The latest version of WhatsApp on iOS is 2.19.51
How was the security flaw used?
It involved attackers using WhatsApp's voice calling function to ring a target's device.

Even if the call was not picked up, the surveillance software could be installed. According to the FT report, the call would often disappear from the device's call log.

WhatsApp told the BBC its security team was the first to identify the flaw. It shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.

"The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems," the company said on Monday in a briefing document note for journalists.

The firm also published an advisory to security specialists, in which it described the flaw as: "A buffer overflow vulnerability in WhatsApp VOIP [voice over internet protocol] stack allowed remote code execution via specially crafted series of SRTCP [secure real-time transport protocol] packets sent to a target phone number."

Prof Alan Woodward from the University of Surrey said it was a "pretty old-fashioned" method of attack.

"A buffer overflow is where a program runs into memory it should not have access to. It overflows the memory it should have and hence has access to memory in which malicious code can potentially be run," he explained.

"If you are able to pass some code through the app, you can run your own code in that area.

"In VOIP there is an initial process that dials up and establishes the call, and the flaw was in that bit. Consequently you did not need to answer the call for the attack to work."

Who is behind the software?
The NSO Group is an Israeli company that has been referred to in the past as a "cyber-arms dealer".

While some cyber-security companies report the flaws they find so that they can be fixed, others keep problems to themselves so they can be exploited or sold to law enforcement.

The NSO Group is part-owned by the London-based private equity firm Novalpina Capital, which acquired a stake in February.

NSO's flagship software, Pegasus, has the ability to collect intimate data from a target device, including capturing data through the microphone and camera, and gathering location data.

In a statement, the group said: "NSO's technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.

"The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.

"Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organisation."

Who has been targeted?
WhatsApp said it was too early to know how many users had been affected by the vulnerability, although it added that suspected attacks were highly-targeted.

According to the New York Times, one of the people targeted was a London-based lawyer involved in a lawsuit against the NSO Group.

Amnesty International, which said it had been targeted by tools created by the NSO Group in the past, said this attack was one human rights groups had long feared was possible.

"They're able to infect your phone without you actually taking an action," said Danna Ingleton, deputy programme director for Amnesty Tech. She said there was mounting evidence that the tools were being used by regimes to keep prominent activists and journalists under surveillance.

"There needs to be some accountability for this, it can't just continue to be a wild west, secretive industry."

On Tuesday, a Tel Aviv court will hear a petition led by Amnesty International that calls for Israel's Ministry of Defence to revoke the NSO Group's licence to export its products.

What are the unanswered questions?
How many people were targeted? WhatsApp says it is too early in its investigation to say how many people were targeted, or how long the flaw was present in the app
Does updating WhatsApp remove the spyware? While the update fixes the flaw that let this attack take place, WhatsApp has not said whether the update removes any spyware that has already infected a compromised device
What could the spyware do? WhatsApp has not said whether the attack could extend beyond the confines of WhatsApp, reaching further into a device and accessing emails, photos and more
"Using an app as an attack route is limited on iOS as they run apps in very tightly controlled sandboxes," said Prof Woodward. "We're all assuming that the attack was just a corruption of WhatsApp but analysis is still ongoing.

"The nightmare scenario would be if you could get something much more capable onto the device without the user having to do anything," he said.

The BBC has asked WhatsApp for clarification.

https://www.bbc.com/news/technology-48262681
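
Added example, not part of the quoted article and not WhatsApp's code: the advisory quoted above names the flaw class (a buffer overflow reached through SRTCP packets) but gives no detail of the bug, so this C sketch only shows the general defence, refusing a sender-declared length before copying. The header layout is the RTCP common header from RFC 3550; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RTCP_HDR_LEN 4u  /* V/P/RC byte, packet type, 16-bit length (RFC 3550) */

/* Constructed sample datagrams (not captured traffic). */
static const uint8_t SAMPLE_OK[] = {       /* length field 1 -> 8 bytes, as sent */
    0x80, 0xC9, 0x00, 0x01, 0xDE, 0xAD, 0xBE, 0xEF };
static const uint8_t SAMPLE_LYING[] = {    /* length field 255 -> claims 1024 bytes */
    0x80, 0xC9, 0x00, 0xFF, 0xDE, 0xAD, 0xBE, 0xEF };
static const uint8_t SAMPLE_COMPOUND[] = { /* two well-formed 8-byte packets */
    0x80, 0xC9, 0x00, 0x01, 0xDE, 0xAD, 0xBE, 0xEF,
    0x81, 0xCA, 0x00, 0x01, 0x01, 0x02, 0x03, 0x04 };

/* Size the header claims: (length field + 1) 32-bit words, in bytes. */
static size_t rtcp_declared_size(const uint8_t *p)
{
    uint16_t words_minus_one = (uint16_t)((p[2] << 8) | p[3]);
    return ((size_t)words_minus_one + 1u) * 4u;
}

/* Overflow-prone pattern, for contrast only: the copy size comes from the
 * sender, and neither the datagram size nor the destination size is checked. */
void rtcp_copy_body_unchecked(const uint8_t *pkt, uint8_t *out)
{
    memcpy(out, pkt + RTCP_HDR_LEN, rtcp_declared_size(pkt) - RTCP_HDR_LEN);
}

/* Hardened form: returns the number of body bytes copied, or -1 if rejected. */
long rtcp_copy_body_checked(const uint8_t *pkt, size_t pkt_len,
                            uint8_t *out, size_t out_cap)
{
    if (pkt == NULL || out == NULL || pkt_len < RTCP_HDR_LEN) return -1;
    if ((pkt[0] >> 6) != 2) return -1;            /* RTP/RTCP version must be 2 */
    size_t declared = rtcp_declared_size(pkt);
    if (declared > pkt_len) return -1;            /* claims more than was received */
    size_t body = declared - RTCP_HDR_LEN;
    if (body > out_cap) return -1;                /* would not fit the destination */
    memcpy(out, pkt + RTCP_HDR_LEN, body);
    return (long)body;
}

/* Walk a compound datagram; returns the packet count, or -1 if any
 * sub-packet is truncated or declares a size past the end of the buffer. */
int rtcp_count_compound(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0;
    while (off < len) {
        if (len - off < RTCP_HDR_LEN) return -1;
        if ((buf[off] >> 6) != 2) return -1;
        size_t declared = rtcp_declared_size(buf + off);
        if (declared > len - off) return -1;
        off += declared;
        n++;
    }
    return n;
}

int main(void)
{
    uint8_t out[16];
    printf("ok: %ld\n", rtcp_copy_body_checked(SAMPLE_OK, sizeof SAMPLE_OK, out, sizeof out));
    printf("lying: %ld\n", rtcp_copy_body_checked(SAMPLE_LYING, sizeof SAMPLE_LYING, out, sizeof out));
    printf("compound: %d\n", rtcp_count_compound(SAMPLE_COMPOUND, sizeof SAMPLE_COMPOUND));
    return 0;
}
```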
 
Facebook-owned WhatsApp has filed a lawsuit against Israel's NSO Group, alleging the firm was behind cyber-attacks that infected devices with malicious software.

WhatsApp accuses the company of sending malware to roughly 1,400 mobile phones for the purposes of surveillance.

Users affected included journalists, human rights activists, political dissidents, and diplomats.

NSO Group, which makes software for surveillance, disputed the allegations.

In a court filing, WhatsApp said NSO Group "developed their malware in order to access messages and other communications after they were decrypted on target devices".

It said NSO Group created various WhatsApp accounts and caused the malicious code to be transmitted over the WhatsApp servers in April and May.

"We believe this attack targeted at least 100 members of civil society, which is an unmistakable pattern of abuse," WhatsApp said in a statement.

The affected users had numbers from several countries, including Bahrain, the United Arab Emirates and Mexico, according to the lawsuit.

WhatsApp said it is seeking a permanent injunction banning NSO from using its service.

The firm, which was acquired by Facebook in 2014, said it was the first time an encrypted messaging provider had taken legal action of this kind.

WhatsApp promotes itself as a "secure" communications app because messages are end-to-end encrypted. This means they should only be displayed in a legible form on the sender or recipient's device.

NSO Group said it would fight the allegations.

"In the strongest possible terms, we dispute today's allegations and will vigorously fight them," the company said in a statement to the BBC.

"The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime."

Source: https://www.bbc.com/news/business-50230431.
 
In April, Faustin Rukundo received a mysterious call over WhatsApp from a number he did not recognise.

He answered, but the line was silent and then it went dead. He tried calling back but nobody answered.

He didn't know it but his phone had been compromised.

As a Rwandan exile living in Leeds, Mr Rukundo was already privacy conscious. He searched for the number online and found the dialling code was from Sweden.

Strange, he thought. But he soon forgot about it.

Then the number called once more. Again nobody picked up.

There were also missed calls from other numbers he did not recognise and he began to get worried about his family's safety, so he bought a new phone.

Within a day, the unknown number called again.

"I tried to answer and they hung up before I heard any voice," Mr Rukundo told the BBC.

"Whenever I called back, no-one answered. I realised something was wrong when I started seeing files missing from the phone.

"I spoke to my colleagues at the Rwanda National Congress and they too had similar experiences. They were getting missed calls from the same numbers as me."

The Rwanda National Congress is a group that opposes the Rwandan regime.

It was not until May, when Mr Rukundo read reports that WhatsApp had been hacked, that he realised what had happened.

"I first read the story about the WhatsApp hack on the BBC and thought, 'Wow, this could explain what's happened to me,'" he said.

"I changed my phone and realised my mistake. They were following my number around and putting the spy software on each new device by calling the same number."

For months, Mr Rukundo was convinced that he and his colleagues were some of the estimated 1,400 people targeted by attackers exploiting the flaw in WhatsApp.

But it was only confirmed to him this week following a call from Citizen Lab in Toronto.

For six months, the organisation has been working with Facebook to investigate the hack and find out who was affected.

Researchers there say: "As part of our investigation into the incident, Citizen Lab has identified over 100 cases of abusive targeting of human rights defenders and journalists in at least 20 countries across the globe."

Mr Rukundo's profile as an outspoken critic of the Rwandan regime is consistent with the sort of people who were targets for this spyware.

It was allegedly built and sold by the Israel-based NSO Group and sold to governments around the world.

Hackers used the software to spy on journalists, human rights activists, political dissidents and diplomats.

Mr Rukundo says he has not had any calls since the original hack, but the experience has made him and his family feel paranoid and scared.

"Honestly, even before they confirmed this, we were gutted and terrified. It looks like they only bugged my phone for around two weeks but they had access to everything," he told the BBC.

"Not only my activity during that time but my whole email history and all my contacts and connections. Everything is watched, the computers, our phones, nothing is safe. Even when we talk, they could be listening. I still don't feel safe."

Mr Rukundo fled Rwanda in 2005 when critics of the government were being arrested and jailed. He says he fought to have his wife released after she was kidnapped and detained for two months on a family visit in 2007.

Facebook, the owner of WhatsApp, is attempting to sue the NSO Group.

The NSO Group denies any wrongdoing.

In court documents, Facebook accuses the company of exploiting a then-unknown vulnerability in WhatsApp.

The app is used by approximately 1.5 billion people in 180 countries.

The service is popular for its end-to-end encryption, which means messages are scrambled as they travel across the internet, making them unreadable if intercepted.

The filing at the US District Court of Northern California describes how the spyware was allegedly installed.

The powerful software known as Pegasus is an NSO Group product that can remotely and covertly extract valuable intelligence from mobile devices, by sharing all phone activity including communications and location data with the attacker.

In previous spyware attacks, victims have been tricked into downloading the software by clicking on booby-trapped web links.

But with the WhatsApp hack, Facebook alleges that it was installed on victims' phones without them taking any action at all.

The company says that between January 2018 and May 2019, NSO Group created WhatsApp accounts using telephone numbers registered in different countries, including Cyprus, Israel, Brazil, Indonesia, Sweden and the Netherlands.

Then in April and May, the victims were attacked with a phone call over WhatsApp, it is claimed.

The filing says: "To avoid the technical restrictions built into WhatsApp Signaling Servers, defendants formatted call initiation messages containing malicious code to appear like a legitimate call and concealed the code within call settings.

"Disguising the malicious code as call settings enabled defendants to deliver it to the target device and made the malicious code appear as if it originated from WhatsApp Signaling Servers."

The victims would be completely unaware that they had been bugged. In some cases the only thing they noticed were mysterious missed calls in WhatsApp logs.

The document states that Facebook:

believes the hack was an abuse of its computer network
wants an injunction stopping the NSO Group having any access to its platforms
accepts that NSO Group was allegedly carrying out the hacks on behalf of its customers, but Facebook is going after the company as the architects who created the software

NSO Group has been accused of supplying the spyware that let the killers of journalist Jamal Khashoggi track him down.

NSO Group denies involvement in that incident and says it will fight these latest allegations.

"In the strongest possible terms, we dispute today's allegations and will vigorously fight them," the company said in a statement to the BBC.

"The sole purpose of NSO Group is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime."

Source: https://www.bbc.com/news/technology-50249859.
 
A group of Indians including journalists and lawyers whose phones were hacked via Facebook's WhatsApp messaging platform asked the government on Friday to make public its ties with the Israeli firm accused of deploying the spyware.

WhatsApp last week sued Israel's NSO Group, accusing it of helping clients break into the phones of roughly 1,400 users — including diplomats, political dissidents, journalists, military and government officials — across four continents.

NSO denied the allegations and said it sells technology to governments to counter terrorism. India is WhatsApp's biggest market with 400 million users.

The group of 19 affected Indian users said in an open letter that Prime Minister Narendra Modi's government must explain whether it had mounted the surveillance on them.

“It is a matter of public concern whether Indian tax payer money has been spent on this kind of cyber surveillance...,” the Indian group, comprising journalists, lawyers, academics, writers and social activists, said in the letter.

Of those allegedly affected by NSO's Pegasus spyware, 121 are based in India, two sources familiar with the matter said.

According to WhatsApp, Pegasus exploited a loophole in its video calling feature, using it as a door to break into a user's device. Once in, it got unfettered access to the phone's data, and even its microphone and camera.

The group of Indian users said that the spyware had compromised not just their safety but also the security of their friends, family, clients and sources.

“We seek an answer from the Government of India about whether it was aware of any contract between any of its various ministries, departments, agencies, or any State Government, and the NSO Group or any of its contractors to deploy Pegasus or related malware for any operations within India?” they said.

The Indian government has neither confirmed nor denied using the spyware.

It last week asked WhatsApp to explain the nature of the breach and the steps it was taking to safeguard user privacy.

Source: https://www.dawn.com/news/1515667/i...ties-with-israeli-firm-in-privacy-breach-case.
 
WhatsApp to have ads soon. One can say whatever but ads are the only way to make profit for free or cheap software.
 