The chances of receiving a virus or being hacked on WhatsApp have always been high, especially if the user is not very cautious.
There are always -and there are many- those who open documents or enter unknown links. They are the eternal victims.
But an Israeli company discovered a new way to hack WhatsApp information without the need to answer a phone call. Much less to click on any document.
The Financial Times notes that the Israeli spy firm NSO Group developed a way to inject malware into certain phones … simply by calling.
The call does not need to be answered, and they often leave no traces in the phone records.
The vulnerability was discovered by the messaging network in May, releasing a protective patch this week. After talking to a number of human rights groups, he pointed to “a private company known for working with governments to deliver spy viruses.”
NSO denied any allegation.
How did the WhatsApp security breach occur?
WhatsApp did not explain how it discovered the flaw, but the Facebook-owned company indicates that it continues to take precautions. It is hoped that with the updates made this week, their clients will not be subject to spyware.
According to Karsten Nohl, chief scientist at the German company Security Research Labs, “there may be remotely exploitable errors.”
Wired spoke to Nohl, who explained that the origin may lie in the use of voice over Internet protocol to connect users.
VoIP applications must recognize incoming calls and notify them, even if the user does not answer, says Nohl. “In the case of WhatsApp, the protocol for establishing a connection is quite complex. So there is definitely room for exploitable errors that can be triggered without user response. ”
Facebook considers the WhatsApp vulnerability to be derived from a common type of error known as buffer overflow. A class of attacks strategically overloads the buffer, overflowing data elsewhere in memory.
“It’s a weird incident, but it’s not too weird these days,” CryptoPhone explains to Wired Bjoern Rupp. “Security was never the initial objective of WhatsApp, so it has several vulnerabilities.”