WhatsApp cyber attack and buffer overflows: what they are and how to avoid them later
Published: 15 May 2019 - Christian Lynn
Following spyware firm NSO Group’s suspected cyber breach, affecting millions of WhatsApp users around the globe, Daniel Follenfant, senior manager of penetration testing and consulting services for NTT Security, details the nature of the attack and how you can protect your software against further breaches:
“The hacking of WhatsApp’s messaging service is a classic example of a buffer overflow attack. These are particularly clever because they enable access to a device without the user even answering the call.”
“In their simplest form, buffer overflows are a way of writing code, in memory, which will then be executed. The WhatsApp incident resonates the classic but more sophisticated buffer overflow attack. To carry this out, the attacker had to deceive the receiver by making a call, sending packets of data during the process. The packet execution forces WhatsApp’s internal buffer to overflow, overwriting the app’s security and unlocking surveillance capability on encrypted chat, enabling eavesdropping and control of the camera.”
“There is nothing you can do about this: WhatsApp has quickly addressed the problem by releasing a patch for applications already running, and the new versions do not appear to be susceptible.”
“Our advice to users is to check that you are not running a susceptible application, by checking the version number running. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348 and WhatsApp for Tizen prior to v2.18.15. If you are unable to locate the version or are worried, you should back up your messages and completely remove WhatsApp, reinstalling the latest version on the relevant app store.”
“This was a very coordinated attack developed by NSO Group, who in the past have been able to breach phone security with their Spyware Pegasus software, and we urge all users to update their WhatsApp application.” www.nttsecurity.com
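
For anyone checking more than one device, the version check described above can be run across an app inventory. The following is an added example, not part of the original article or of any WhatsApp or NTT Security tooling: the fixed versions come from the list quoted above, while the inventory rows, device names and function names are constructed for illustration.

```python
import re

# First fixed version per product, as listed in the article.
FIXED = {
    "WhatsApp for Android": "2.19.134",
    "WhatsApp Business for Android": "2.19.44",
    "WhatsApp for iOS": "2.19.51",
    "WhatsApp Business for iOS": "2.19.51",
    "WhatsApp for Windows Phone": "2.18.348",
    "WhatsApp for Tizen": "2.18.15",
}

def parse_version(text):
    """Turn 'v2.19.134' into (2, 19, 134); raise ValueError otherwise."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def status(product, installed):
    """Return 'vulnerable', 'patched' or 'unknown' for one installed app."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "unknown"      # product is not in the article's list
    try:
        have = parse_version(installed)
    except ValueError:
        return "unknown"      # cannot show it is patched: review by hand
    want = parse_version(fixed)
    # Pad to equal length so that 2.18 is compared as 2.18.0.
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    # Compare numerically: as strings, "2.19.51" sorts after "2.19.134".
    return "vulnerable" if have < want else "patched"

def audit(inventory):
    """Attach a status to every (device, product, version) row."""
    return [(dev, prod, ver, status(prod, ver)) for dev, prod, ver in inventory]

# Constructed sample inventory (hypothetical devices).
SAMPLE = [
    ("phone-01", "WhatsApp for Android", "2.19.51"),
    ("phone-02", "WhatsApp for Android", "2.19.134"),
    ("phone-03", "WhatsApp for iOS", "v2.19.50"),
    ("phone-04", "WhatsApp for Tizen", "2.18"),
    ("phone-05", "WhatsApp for Android", "beta"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Rows reported as unknown should be treated as unpatched until the version has been confirmed on the device.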