The April-May spyware attack raises a lot of questions for WhatsApp to answer. The app boasts of 1.6 billion users worldwide and 400 million users in India. Unique downloads for WhatsApp have fallen since the attack. Mint takes a look at the impact and the road ahead.

How did Pegasus breach WhatsApp?

Pegasus, designed to monitor activity in real time, collects historic data on a device and then transmits it to a remote server. It relies on phishing text messages with malicious links. In the case of WhatsApp, it exploited a buffer overflow vulnerability by sending specially crafted Secure Real-time Transport Protocol (SRTP) packets via missed video calls. To stay under the radar, the spyware erased the incoming call from the app’s call logs. WhatsApp said the spyware was used by the clients of Israeli tech firm NSO Group to target 1,400 WhatsApp users in 20 countries, of whom more than 100 are in India, as per news reports.

The messages in numbers

What was the extent of the compromise?

Toronto-based Citizen Lab, which was helping WhatsApp in its internal investigation into the attack, found that after the spyware is installed on a victim’s device, it connects to the hacker’s control server to receive and execute commands. It then sends passwords, contacts, calendar details, location, text messages and live voice calls from the device to the server. The spyware, developed by the Israeli firm focused on cyber intelligence, also allows the hacker to switch on the camera and microphone of the phone to see who the target is meeting or talking to and listen in on their conversation.

Does this mean WhatsApp’s encryption is not effective?

The spyware attack exploited a then-unknown vulnerability in WhatsApp to infiltrate the targeted user’s device. Once the device was infiltrated, the result was the same as the attacker having your device in his hand. So, while WhatsApp’s encryption wasn’t breached, it was ineffective in this case, just as it would be if someone else were using your phone in your stead.

Have there been any other vulnerabilities?

In October, Awakened reported a double-free vulnerability that could have been exploited by sending a malicious GIF file as a document to WhatsApp to install a malicious app on the phone. In August, Check Point Research showed how WhatsApp’s source code could be reverse-engineered to intercept and tamper with encrypted messages. In July, Symantec said media files could be jacked because of the time lapse between when they are written to the storage and when they are loaded on the chat page.

Is it safe to use the messaging app now?

WhatsApp patched most of these vulnerabilities once they were brought to its attention. Some experts believe it is safe to use WhatsApp, but like any software it can still have bugs. Many people are not sure if the patch protects the app from being exploited again, as some malware can be persistent. Media file jacking cannot be ruled out on platforms such as Telegram. Even if WhatsApp did not have the vulnerability, Pegasus could have found a way to target users through phishing text messages or by exploiting another app.
