Back
Data Breach - WhatsApp has exposed phones to Israeli Spyware
- By Elite CIO
May 16, 2019
6
Data Breach - WhatsApp has exposed phones to Israeli Spyware
On 13th May 2019, WhatsApp admitted a major cyber security breach that has enabled targeted spyware to be installed on phones through voice call. The security vulnerability affects both iPhone and Android devices, with malicious code (allegedly) from Israel’s NSO Group, transmitted whether or not a user answers an infected call.
The WhatsApp vulnerability is a buffer overflow weakness, enabling malicious code to be inserted into data packets sent during the process of starting a voice call.
Facebook somewhat drily said: “A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to V2.19.134, WhatsApp Business for Android prior to V2.19.44, WhatsApp for IOS prior to v2.19.51, WhatsApp Business for IOS prior to v2.19.51, WhatsApp for Windows Phone prior to v.2.18.348 and WhatsApp for Tizen prior to v2.18.15”
Recommendation:
Elite CIO Council recommends to use the updated version of your WhatsApp
Android – 2.19.134 version
IOS – 2.19.51 version
Author : Atul Bansal, Gateway Rail