On WhatsApp, it may be hackers calling | Mint

The firm said it was investigating the breach, but believed only a select number of users were targeted
  • WhatsApp, one of the most popular messaging tools in the world, has touted its high level of security and privacy
  • A security message is seen on a WhatsApp screen in this illustration photo. (Reuters)

    NEW DELHI: The uncomfortable truth for billions of WhatsApp users around the world is that the messaging app is not as secure as it is made out to be.

    The Facebook-owned app, which has more than 200 million users in India alone, has pressed users to update its messaging service, following a report that a vulnerability in the software allowed attackers to hack into people’s phones using commercial spyware.

    WhatsApp, one of the most popular messaging tools in the world, has touted its high level of security and privacy, with messages on its platform being encrypted end to end so that WhatsApp and third parties cannot read or listen to them. The company said it was still investigating the breach, but believed only a “select number of users were targeted”.

    The breach was first reported by The Financial Times. The report indicated that the spyware gets installed on a user’s phone through calls, even if the user doesn’t pick them up. To stay undetected, the spyware erases the incoming call from WhatsApp’s call logs.

    The FT report claims that the malicious code behind the spyware attack was developed by NSO Group, an Israeli software company that has recently been accused by Amnesty International of making spyware products used to target human rights activists worldwide.

    WhatsApp said it was “deeply concerned about the abuse” of such surveillance technologies and that it believed human rights activists might have been the targets.

    “We’re working with human rights groups on learning as much as we can about who may have been impacted from their community. That’s really where our highest concern is,” said a company spokesman.

    In a statement, NSO Group said its technology “is licensed to authorized government agencies for the sole purpose of fighting crime and terror”.

    In a notice, WhatsApp identified the flaw as a “buffer overflow” vulnerability in WhatsApp’s “VOIP stack”.

    In a blog post, Cloudflare, a US-based security firm, explained that buffer overflow attacks occur when certain memory areas of a running process are overwritten with data beyond the buffer’s capacity. Buffers are usually designed to hold a certain amount of data, unless the app using the buffer has been programmed to discard old data and make room for new data in case of an overflow.

    Attackers can exploit this by feeding a carefully crafted input into a program, causing the program to store the input in a buffer that doesn’t have enough space. This lets them overwrite areas that hold executable code and replace it with malicious code.
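
As an added illustration (not code from WhatsApp, Cloudflare or this article), the C sketch below shows the two buffer designs described above: a fixed-capacity buffer whose parser rejects input that would not fit, and a ring buffer that discards the oldest data instead. The packet layout, the 8-byte capacity and all names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAP 8  /* buffer capacity, a constructed value */

struct frame { uint8_t data[CAP]; size_t len; };
struct ring  { uint8_t data[CAP]; size_t head, count; };

/* Hypothetical packet: byte 0 is the declared payload length, the payload
 * follows. Copying pkt[0] bytes without the checks below would write past
 * data[] whenever the sender declares more than CAP bytes. */
int parse_packet(struct frame *f, const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < 1) return -1;             /* no length byte at all */
    size_t declared = pkt[0];
    if (declared > pkt_len - 1) return -1;  /* claims more than was received */
    if (declared > CAP) return -1;          /* would not fit in the buffer */
    memcpy(f->data, pkt + 1, declared);
    f->len = declared;
    return 0;
}

/* Ring buffer: when full, the newest byte replaces the oldest one. */
void ring_push(struct ring *r, uint8_t b)
{
    r->data[(r->head + r->count) % CAP] = b;
    if (r->count == CAP)
        r->head = (r->head + 1) % CAP;      /* oldest byte discarded */
    else
        r->count++;
}

uint8_t ring_oldest(const struct ring *r) { return r->data[r->head]; }

int main(void)
{
    struct frame f = { {0}, 0 };
    struct ring r = { {0}, 0, 0 };
    uint8_t big[21];                        /* constructed oversized packet */
    memset(big, 'A', sizeof big);
    big[0] = 20;                            /* declares 20 bytes, CAP is 8 */
    printf("oversized packet: %d\n", parse_packet(&f, big, sizeof big));
    for (int i = 0; i < 10; i++) ring_push(&r, (uint8_t)i);
    printf("oldest byte kept: %d\n", ring_oldest(&r));
    return 0;
}
```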

    Unix-based operating systems such as iOS and Android use a sandbox design, which separates the app layer from the rest of the system, making them more difficult to attack. “The attack installs an application called Pegasus on the target device, which can potentially escape the application sandbox implemented by the OS and read text messages, activate the microphone and camera, and collect sensitive information stored on the device,” said Jaspreet Singh, partner-information security at EY.

    Reuters and Bloomberg contributed to this story.

    Abhijit Ahaskar
    Abhijit writes on tech policy, gaming, security, AI, robotics, electronics and startups. He has been in the media industry for over 12 years.
    Published: 15 May 2019, 12:18 AM IST