Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed.

In April 2017, Zambia’s ICT regulator ZICTA sensationally claimed that it had the ability to disable any communication devices and read personal messages, including on platforms such as WhatsApp. The claim was dismissed by many WhatsApp users, who stated that the messaging app’s end-to-end encryption makes it impossible to hack.

But on Monday, WhatsApp, which is owned by Facebook, confirmed an attack which it said was targeted at a “select number” of users and was orchestrated by “an advanced cyber actor”.

The attack was developed by Israeli security firm NSO Group, according to a report in the Financial Times.

On Monday, WhatsApp urged all of its 1.5 billion users to update their apps as an added precaution. The attack was first discovered earlier this month.

WhatsApp promotes itself as a “secure” communications app because messages are end-to-end encrypted, meaning they should only be displayed in a legible form on the sender or recipient’s device.

However, the surveillance software would have let an attacker read the messages on the target’s device.

“Journalists, lawyers, activists and human rights defenders” are most likely to have been targeted, said Ahmed Zidan from the non-profit Committee to Protect Journalists.

The flaw involved attackers using WhatsApp’s voice calling function to ring a target’s device. Even if the call was not picked up, the surveillance software would be installed, and, the FT reported, the call would often disappear from the device’s call log.

WhatsApp told the BBC its security team was the first to identify the flaw, and shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said on Monday in a briefing document note for journalists.

The firm also published an advisory to security specialists in which it described the flaw as: “A buffer overflow vulnerability in WhatsApp VOIP [voice over internet protocol] stack allowed remote code execution via specially crafted series of SRTCP [secure real-time transport protocol] packets sent to a target phone number.”


14 COMMENTS

  1. Bae if you are reading this, please do not contact me on whatsapp till this hacking is resolved.

    10

    2
    • It explains how this PF have been eavesdropping on citizens.

      That is why they knew that the boy that “insulted” Lungu was from Luanshya.

      That is why they knew HH was attending mass at the Catholic church in Ndola.

      3

      8
    • This is not News. That software, Pegasus, is available for purchase at the right price. How do you think the Saudis hacked and managed to murder Jamal Khashoggi? The Israeli sold that software to Saudi Arabia for $55 million. Even the CEO of the company NSO confirmed it. The sad part is Saudi Arabia has a horrible history on human rights and yet for the right price, were sold this ammunition.

      5

      2
    • Chi Indigo, not everything is politics. What is wrong with you PF and UPND cadres? Can we talk about constructive things for once.

      4

      3
  2. This is Israeli cyber hacking ….among the best in the world

    I doubt Netanyahu would be so cheap as to give Lungu access to Israeli spyware ….

    State House and Lungu use cheap Chinese hacking technology

    4

    2
  3. Anyone who thinks Internet can’t be breached is dreaming. These programs were created by humans and humans can crack them. Just don’t be careless when you use it.

    9

    1
  4. Telegram messaging App has given the most experienced software hackers a headache, switch to Telegram

    0

    0
  5. Don’t be cheated, it’s us the users who make our phones vulnerable by installing unknown software, system updates, opening suspicious websites, opening files from unreliable sources. Watch out!!!

    2

    0

Comments are closed.