Digital Media Science and Tech Tech Technology Top Stories World

WhatsApp says ‘select group’ of users targeted in cyber attack

WASHINGTON DC, USA: WhatsApp confirmed on Tuesday that a security breach occurred on its messaging app platform which targeted a ‘select group’ of journalists, lawyers and human right activists.
WhatsApp also urged its users to download the latest update for the app in order to protect themselves from the malware attacks.

WhatsApp promotes itself as a “secure” communications app as the messages sent through the application are end-to-end encrypted. This means the messages would only be displayed in a legible form on the sender or recipient’s device. The fact that hackers can easily to break into digital communications has raised concerns about privacy.

Haris Ali Khan, a technology expert associated with Perth-based startup MiracleTek, said loopholes could be easily used to hack different devices.

“Though it is too early to comment on the nature of the vulnerability that allowed this breach, however, a quick probe into available information indicates that this occurred due to a loophole in the voice-over-internet protocol service that WhatsApp employs for its calls,” he said.

“Hackers successfully leveraged this flaw in VoIP to cause a buffer-overrun in the program and penetrated into the device operating system.”

The spyware is installed in the targets’ phone by just ringing up by call function. It worked even if they did not answer the call. Hackers remotely install the spyware that would allow them to control the device.

Owned by Facebook, WhatsApp is used by 1.5 billion people around the globe. The messaging platform said it had patched a security loophole that allowed spyware to be installed even via a missed call.

A spokesman for the company said the scope of the problem was unknown, but the number of affected individuals was at least in the dozens.

The Financial Times and TechCrunch identified the spyware as the product of an Israeli cybersecurity firm NSO. The group is famous for its software called “Pegasus” which can hack smartphones. The malicious spyware can activate microphone and cameras, collect location information and even send out emails and text messages.

The NSO Group is one of the largest players in the business of making surveillance and hacking tools for governments and law-enforcement agencies.

WhatsApp confirmed only a select group of journalists, lawyers, political activists and human rights defenders were targeted in the security breach.

The victims of the spyware included a Saudi dissident and several Mexican journalists. NSO is blamed for its role in selling hacking tools to the Saudi and Mexican governments to tracking and monitoring the phones of whom authorities see as “troublemakers”.

WhatsApp said Citizen Lab, a research group at the University of Toronto, had notified about the vulnerability before the incident.

On the other hand, NSO did not comment on WhatsApp security breach. A statement issued by NSO read the software was “strictly” licensed to the governments and the company would investigate any “credible allegations of misuse” of its technology. The NSO Group is currently facing four know legal cases, three in Israel and one based in Cyprus.

“NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics,” said Danna Ingleton, Deputy Director of Amnesty Tech.

Amnesty International, a London-based non-governmental organization focused on human rights, filed a petition with the District Court of Tel Aviva to revoke NSO group’s export license.

The NSO Group came to the limelight in 2016 when researchers accused it of helping spy on an activist in the United Arab Emirates.