A vulnerability in the messaging app WhatsApp has allowed attackers to inject commercial Israeli spyware on to phones, the company and a spyware technology dealer said.
WhatsApp, which is used by 1.5bn people worldwide, discovered in early May that attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app’s phone call function.
The malicious code, developed by the secretive Israeli company NSO Group, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs, said the spyware dealer, who was recently briefed on the WhatsApp hack.
I never answer phone calls from telephone numbers I am not familiar with, let alone when the incoming callers have their number blocked. Apparently, though, not even that protects you from attacks such as these.
Never liked WhatsApp, I use Telegram as it feels more secure and private.
Not sure Telegram etc would inherently be better here though – one could still have an exploitable bug in the message/call handling that allowed injecting malicious code.
Just a case of a nasty security bug.
Whether WhatsApp should have disclosed as soon as they were aware of the bug vs after they’d patched it is arguable tho
Which is all well and good until you realise that your family, friends and work colleagues all use WhatsApp, and so you’re excluded from much of their conversation.
Couple things
1) Don’t do bad things.
2) If you need security for financial reasons or to escape repressive regimes, don’t use Telegram
https://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415
Israel, a serial offender, so perhaps we ought to ban software and hardware tech from Israel
I guess we have a list now:
US
China
Israel
Any other country that has proven lately we can’t trust products from?
Sarcasm agreed! You can’t trust software is the lesson here. No country writes perfect code. The basic premise of encryption / security is that someone is always trying to break in. So the issue is the vulnerability, not the Israeli or whomever breaker. The breaker is a given. Ironically WhatsApp may be the more secure platform after experiencing this. A lot of companies who were caught with their pants down pull them up the highest afterwards.
Israel is a tech haven, you will lose a fortune if you ban Israel’s tech.
It is Hamas raining rockets indiscriminately on civilians and Iran’s constant threat to annihilate Israel that are the serial offenders. And no, just saying “we are being pushed into a corner” won’t work as an excuse for Hamas to fire rockets.
What on earth has that got to do with Israel’s propensity to engage in illegal espionage activities abroad?
http://countrydetail.com/top-10-countries-with-most-hackers-cyber-criminals/
Not even on the top 10
A) That’s a list of countries with cyber criminals, not state actors
B) Per-capita, GDP, etc comparisons are a thing
C) I never said Israel was in the top 10 or had any other particular ranking.
Behold the straw man made out of whataboutisms!
Good idea, immediately return your mobile phone and computers since they almost certainly have tech invented in Israel. Also don’t use a USB stick since those were invented in Israel. Also, if you or a loved one end up in a hospital make sure the life saving equipment is not manufactured or has Israeli components in them (which many do) before they are used to save your life.
Yeah, umh no one signed up to have the malware installed. If we can just wave a magic wand and ban malware based on the country of origin, I’d be doing a lot of waving right now.
Kinda makes me glad and sad that I still use my BB Z30 as my daily driver.
Oh don’t worry that is compromised without needing malware. It’s baked in.
This is funny, coming a few days after WhatsApp denied me support for a problem I was having because I was using Sailfish OS – apparently doing so threatened the security of their service…
They were also right. The two are not mutually exclusive.
They may not be mutually exclusive, but if running clients on anything other than stock Android threatens WhatsApp security, then I can’t help feeling they’re doing it wrong.
I disagree. I’m not sure it’s possible to have a “safe” app in an environment that itself isn’t safe. The operating system controls all of the system calls you make (duh), so you want some memory to write some secret stuff like an encryption key? Ok, if the kernel is compromised, you’re toast.
Sure I agree with that, but they can’t guarantee that any more on stock Android than on Sailfish OS. The service is end-to-end encrypted, what happens beyond the endpoints they can’t do anything about, so if it’s a security threat to anything that happens in between, like their servers, then there’s something wrong.
In general, I’d say it’s not a good sign if a service feels threatened by the clients that connect to it.
To be fair, the vast majority of (Android) WhatsApp clients are running on non-stock Android setups – heavily customised by various phone manufacturers and frequently lacking current security fixes.
I’m not saying otherwise, just that it struck me as funny that they were so concerned with security as to refuse to answer a support question (which, incidentally, could also be an issue on stock Android) while such exploits were present.
My guess here (as someone that works in software dev) is that they saw that you are trying to run it on an unsupported OS and said as much. Most software is only supported and tested on particular operating systems (and often specific variants and versions). Others, such as Sailfish in this case, are likely not tested and any unusual issues could be due to bugs in the OS itself. It is similar to how Adobe or most developers of software for Windows would respond if you said their software didn’t work in Wine – it is not something they’ve tested nor support, and therefore they cannot be certain that the issue isn’t caused by it.
Absolutely, I fully understand that and wasn’t questioning it. It was an automated reply based on the submitted logs, so they didn’t “see” anything. I was just amused by the timing of it.
What a shocker, a smartphone tracking people. And people look at me weird for still carrying a flip phone.
Awesome. Good luck avoiding stingrays. https://www.aclu.org/issues/privacy-technology/surveillance-technologies/stingray-tracking-devices
Jared Kushner uses WhatsApp to communicate privately with the Saudi Crown Prince. Saudi Arabia is known to use this malware, too.
What interesting times we live in…