Thursday, November 21, 2024

WhatsApp discovers ‘targeted’ surveillance attack

Must read

Nigerian High Commission apartments in Ghana demolished

Some new apartments built at the residence of the Nigerian High Commissioner in Ghana’s capital city Accra, have been demolished by bulldozers. The apartments have been constructed to...

Covid-19: Ghana records significant recovery numbers

Ghanaian health officials on Saturday said over 10,000 persons infected with the coronavirus have now recovered. The significant number of recoveries means the country now...

DR Congo: President’s ex-chief of staff jailed 20 years for corruption

The ex-chief of staff of the president of the Democratic Republic of Congo has been jailed 20 years by a high court. Vital Kamerhe was...

Covid-19: Zimbabwe’s health minister arrested, charged for graft

Zimbabwe's Health Minister Obadiah Moyo has been arrested over corruption allegations related to procurement of medical equipment worth $60 million. Moyo is accused of illegally...
Isaac Kaledzihttps://en.wikipedia.org/wiki/Isaac_Kaledzi
Isaac Kaledzi is an experienced and award winning journalist from Ghana. He has worked for several media brands both in Ghana and on the International scene. Isaac Kaledzi is currently serving as an African Correspondent for DW.

Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed.

WhatsApp, which is owned by Facebook, said the attack targeted a “select number” of users, and was orchestrated by “an advanced cyber actor”.

A fix was rolled out on Friday.

The attack was developed by Israeli security firm NSO Group, according to a report in the Financial Times.

On Monday WhatsApp urged all of its 1.5bn users to update their apps as an added precaution.

The attack was first discovered earlier this month.

How was the security flaw used?

It involved attackers using WhatsApp’s voice calling function to ring a target’s device. Even if the call was not picked up, the surveillance software would be installed, and, the FT reported, the call would often disappear from the device’s call log.

WhatsApp told the BBC its security team was the first to identify the flaw, and shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said on Monday in a briefing document note for journalists.

The firm also published an advisory to security specialists, in which it described the flaw as: “A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.”

Who is behind the software?

The NSO Group is an Israeli company that has been referred to in the past as a “cyber-arms dealer”. The business is part-owned by the London-based private equity firm Novalpina Capital, which acquired a stake in February.

NSO’s flagship software, Pegasus, has the ability to collect intimate data from a target device, including capturing data through the microphone and camera, and gathering location data.

In a statement, the group said: “NSO’s technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.

“The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.

“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organisation.”

Who has been targeted?

WhatsApp said it was too early to know how many users had been affected by the vulnerability, although it added that suspected attacks were highly-targeted.

Amnesty International, which said it had been targeted by tools created by the NSO Group in the past, said this attack was one human rights groups had long feared was possible.

“They’re able to infect your phone without you actually taking an action,” said Danna Ingleton, deputy programme director for Amnesty Tech. She said there was mounting evidence that the tools were being used by regimes to keep prominent activists and journalists under surveillance.

“There needs to be some accountability for this, it can’t just continue to be a wild west, secretive industry.”

On Tuesday, a Tel Aviv court will hear a petition led by Amnesty International that calls for Israel’s Ministry of Defence to revoke the NSO Group’s licence to export its products.

 

 

Source: BBC /

- Advertisement -

More articles

- Advertisement -

Latest article

Nigerian High Commission apartments in Ghana demolished

Some new apartments built at the residence of the Nigerian High Commissioner in Ghana’s capital city Accra, have been demolished by bulldozers. The apartments have been constructed to...

Covid-19: Ghana records significant recovery numbers

Ghanaian health officials on Saturday said over 10,000 persons infected with the coronavirus have now recovered. The significant number of recoveries means the country now...

DR Congo: President’s ex-chief of staff jailed 20 years for corruption

The ex-chief of staff of the president of the Democratic Republic of Congo has been jailed 20 years by a high court. Vital Kamerhe was...

Covid-19: Zimbabwe’s health minister arrested, charged for graft

Zimbabwe's Health Minister Obadiah Moyo has been arrested over corruption allegations related to procurement of medical equipment worth $60 million. Moyo is accused of illegally...

Ghana’s new law that jails citizens not wearing facemask 10 years

Ghanaians who fail to wear the face masks in compliance with a presidential directive risk going to jail for ten years. They also face a...