A Quick Glimpse On The WhatsApp “Spyware” Issue
The embattled Facebook is facing another huge setback this week, as their acquired iOS/Android app, WhatsApp is affected by a spy-like trojan on some version of the app available for download. The social media giant categorizes the issue as a “spyware” that was embedded to some variants of WhatsApp inserted by threat actors as they exploit a major vulnerability in the app. The alleged embedded “spyware” was planted by an alleged Spyware firm named NSO Group, which is based in Israel. The extent of its access to the mobile device-wide, from it, serving as a RAT (Remote Access Trojan), activation of front/back cameras, read emails/SMS/MMS and capability to access user’s contacts.
The trouble is cross-platform, as infected versions of WhatsApp for iOS and Android were seen in the wild. Even small players such as the already deprecated Windows Phone 10 platform and Samsung’s Tizen version of WhatsApp are also affected. The only visible indication that the user is “targeted” is frequent instances of dropped calls from the app. The spyware is said to have the capability to perform cyber espionage on the phone, making it unsafe for anyone to use WhatsApp as an instant messaging and voice call service.
Meanwhile, NSO Group is strongly denying the allegations, as its spokesperson went public saying: “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.“ With the incident, Facebook is critically recommending all their 1.5 billion WhatsApp users to uninstall their current WhatsApp installed on their devices, redownload a fresh version of WhatsApp (clean version available for download) in the Google Play Store, log in to their account and specifically perform a password reset procedure. The United States law enforcement agencies are already in the case, as they try to help Facebook uncover more details of the spyware infection of WhatsApp.
The innocence of NSO Group is being challenged by Amnesty Tech, expressing concerns about this new type of attack vector that harms mobile users. “NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics. The attack on Amnesty International was the final straw,” emphasized Danna Ingleton, Amnesty Tech’s Deputy Director.
This WhatsApp trouble is happening on the wake of Facebook proudly announcing the “privacy first” end-to-end encryption initiative for their other instant messaging Facebook Messaging. The social media giant also recently announced the eventual infrastructure merger of WhatsApp, Instagram, and Facebook, which basically creates just 1-product for the entire organization.
Apple’s iOS and Google’s Android both have a default configuration to automatically download app updates from their respective app stores the moment the app publisher posted a new version of the app. This feature is usually only disabled by advanced users through the settings page of their respective app stores. Hackercombat.com strongly recommends the resetting for user password for all users of WhatsApp, and if convenient to the users, also the password for their Facebook and Instagram accounts. Though the merger of infrastructure is not yet complete, as the plan for it is still in the pipeline, it is better to be safe than sorry.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.