What You Should Know about Surveillance Attack on WhatsApp

Media Release:

CYBERSECURITY companies Synopsys and Check Point have weighed in on the surveillance attack on Facebook-owned WhatsApp messaging app.

WhatsApp has over 1.5 billion users, making it the most popular messaging up in the world.

Facebook and WhatsApp have since patched the vulnerabilities and have urged users to update their app to the latest version.

In an email to SDN — Science and Digital News, here’s the statements of Oded Vanunu, head of Products Vulnerability Research, Check Point Software Technologies, and Nabil Hannan, managing principal – Financial Services, Software Integrity Group, Synopsys:SynopsysWhat is at risk with this incident?

Vanunu: The issue affects WhatsApp for Android and iOS, the vulnerability, identified as CVE-2019-3568, can successfully be exploited to install the spyware and steal data from a targeted Android phone or iPhone by merely placing a WhatsApp call, even when the call is not answered. Also, the victim would not be able to find out about the intrusion afterward as the spyware erases the incoming call information from the logs to operate stealthily. Still Open – in order to escape the sandbox to the OS we assume more 0days were used.

Hannan: The risk with this incident is that any WhatsApp user, based on their phone number, could technically be targeted. Using the buffer overflow issue, attackers can install malware allowing them to reach communications conducted on that user’s device.

Who is at risk?

Vanunu: Anyone using WhatsApp app (iOS/Android)

Hannan: Although this situation seems like it’s not an attack where all WhatsApp users are being targeted, any WhatsApp user technically could be targeted based on their phone number.

Would a regular WhatsApp user also be at risk?

Vanunu: In general any user can be at risk (in case the exploit arrived to the wrong hands), since we believe that it’s been used only by law enforcement it might affect very little (crime & terror).

Hannan: Any and every WhatsApp user is at risk. Technically anyone can be attacked, whether intentionally or accidentally. In this case the hackers seemed to have specific targets in mind, but other attackers could learn about the issue and then exploit other specific users or a wide range of users.

Check Point 2

What can a user do to minimize the risk?

Vanunu: Our day to day applications are been targeted by malicious actors to gain access to our private and sensitive data or even to gain full control on our device. Such method will continue to be used by malicious actors because the heavy usage of these applications. We are seeing that vulnerabilities on mobile platform are worth a lot of money, for example in “Zerodium” price list they are willing to pay up to US$1 million for WhatsApp vulnerability that will allow running remote code. These methods are also aligned with our Gen5 attacks where multi vector attack tools are been used.

Hannan: It’s very challenging for users to know when the software they are using might have buffer overflow issues. For the average user, it’s important to stay up to date with the latest version of the software, especially when the company has issued a fix for the known security issue. If you see any abnormal behavior in the software (in this example, receiving a call which does not show up in the call logs), report the issue as an incident to the software vendor. (Synopsys and Check Point)

The statements in this piece are solely by the two experts and not of SDN — Science and Digital News.


Don't be shy, comments are welcome! Thank you.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: