16:54 GMT02 August 2021
Listen Live
    Get short URL

    A major vulnerability in the "WhatsApp" service, owned by Facebook, allowed hackers to install surveillance software on numerous phones and devices using just the messenger's call functionality. The company has notified the US Department of Justice and key European regulators about the sophisticated spyware attack.

    According to reports, the devices could have been infected even without users picking up the hacker's call.

    Matthew Hickey, a security researcher and co-founder of the cybersecurity firm Hacker House has told Sputnik about possible ways to solve the problem.

    Sputnik: The spyware developed by the Israeli cyber intelligence company NSO Group, used infected phone calls to take over the functions of operating systems. How vulnerable are WhatsApp and similar messengers?

    Matthew Hickey: WhatsApp and Mobile Messaging applications today are just as vulnerable to computer exploits today as desktop computers were in the past. The recently reported spying utility KARMA operated by former US NSA intelligence contractors in the Middle East reportedly used similar exploits to the WhatsApp issue.

    These exploits are often used to obtain sensitive information for espionage purposes. Google Project Zero extensively audited the WhatsApp code and shared its findings. Independent researchers looked as well. Despite these efforts, occasionally vulnerabilities like the announced WhatsApp flaw surface.

    READ MORE: Expert on WhatsApp Hack: Public Have to Be Aware that Everything Is Vulnerable

    Sputnik: Is there a possibility that the upgrade won't help?

    Matthew Hickey: The WhatsApp upgrade will certainly prevent exploitation of this known flaw, however, how many of us really inspect devices for other signs of attacks? Kaspersky is one of the few mobile vendors who worked recently with the EFF to enhance spyware detection capabilities. This was a milestone as many vendors are simply not even looking for spyware of this nature and much of it goes undetected.

    It is important to understand that although you are protecting against this one vulnerability, what happens if one of your other applications is attacked? Do you regularly sweep your smartphone with anti-virus tools?

    Exploit reward companies are offering upwards of $50,000 per exploit of the NSO WhatsApp exploit type. So it would be wise to assume others exist. It is the highest priority of many companies and agencies to secure mobile device application data and using exploits is one way that the work is undermined.

    Sputnik: It took time to detect the spyware, what kind of programme it is?

    Matthew Hickey: Valuable exploit information of this nature is used sparingly and in situations where detection is not likely to be noticed, many such tools are sold with unique requirements that prohibit distribution or use in specific ways — this means an attack of this nature could be seen as expensive for an individual but cheap for a global corporation.

    This attack is one that was detected that was still being exploited in the wild — this shows that perhaps the persons responsible for it were not selective enough in their application. It is rare for a remote code execution attack that impacted mobile devices to publicly be disclosed, however dozens of attacks occur in the wild each year and the nature of data targeted by attackers continues to become ever more personal.

    READ MORE: WhatsApp Referred Spyware Attack to US Justice Department

    Sputnik: WhatsApp has alerted US law enforcement to the exploit, and published a "CVE notice" to other cybersecurity experts alerting them to "common vulnerabilities and exposures". What steps by the government do you expect?

    Matthew Hickey: WhatsApp alerting US law enforcement and publishing CVE details will help other vendors and software companies understand the risks and lessons learned during this incident. Government action should also be to investigate the widespread usage of mobile applications that they depend upon.

    The French government created a private network for ministers that was breached on the first day, so it's important that globally we understand that the threats are advanced.

    Sputnik: What can you say about NSO Group, involved in several scandals of this kind recently?

    Matthew Hickey: NSO Group is one of a number of companies that publicly trade and deal in exploit technology. There are a number of such companies that have been continually found to be trading to countries like Mexico where it was used to spy on journalists and in South Korea where lawyers and activists were targeted by NIS using mobile malware.

    In the wrong hands a WhatsApp vulnerability like the one disclosed today could have been used in a more global incident like WannaCry, but impacting us all much more personally. It's important that you ensure patches are applied and consider using security solutions to safeguard all your personal data.

    Views and opinions, expressed in the article are those of Matthew Hickey and do not necessarily reflect those of Sputnik.

    The views and opinions expressed in the article do not necessarily reflect those of Sputnik.


    Expert on WhatsApp Hack: Public Have to Be Aware that Everything Is Vulnerable
    WhatsApp Referred Spyware Attack to US Justice Department
    WhatsApp Vulnerability Used to Instal Israeli Spyware, Users Urged to Upgrade
    United Kingdom, US, Facebook, WhatsApp, cyber attack, hacking, cyberattack
    Community standardsDiscussion