WhatsApp Hacked! But how?

If you use WhatsApp or know anyone who does, then this is seriously important.
Recently we had the iPhone issue that allowed anyone to bug an iPhone: all you had to do was make a FaceTime call to your victim and you'd be able to listen in on their conversation whether or not they picked up.
But a recent WhatsApp hack looks a whole lot worse. Consider this a PSA: update WhatsApp!
 
The lid on this was blown by the Financial Times, reporting that a backdoor had been found in the latest WhatsApp versions on both iPhone and Android. This backdoor is pretty ominous in that all it takes to be infected is to receive a call from a malicious individual; even if you don't pick up, an attacker would be able to install spyware on your phone. It's been suggested that targeted individuals have even had their call history wiped, so there's no way they would even know they'd been pwned.
 
This works via a buffer overflow vulnerability in WhatsApp's VoIP stack, which allows remote code execution using a specially crafted series of packets sent to a target phone number. The vulnerability itself is said to come about due to a bug in libssh, an open source library used by WhatsApp. Once compromised, a device can be loaded with spyware to go through your photos, past messages, etc. Essentially, once you're compromised it's all over. (UPDATE: It is not yet clear whether the hack is able to escape the iOS/Android app sandbox.)
 
WhatsApp released a patch for this on May 13th, so if you have the app (and there's a good chance you do, given 1.5 billion people globally use WhatsApp), you should go ahead and open your App Store, Google Play Store or whatever it is you use, and update WhatsApp as a matter of some urgency. The latest version of WhatsApp is 2.19.134 on Android and 2.19.51 on iPhone, so at the time of writing this article even my phone is vulnerable.
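If you look after more than one phone, the same check can be scripted. The snippet below is an added example, not part of the original article: it assumes the two version numbers quoted above are the first patched builds, and the inventory rows and column names are constructed for illustration.

```python
# Added example: flag devices whose WhatsApp build predates the versions
# the article names. Inventory rows below are constructed sample data.
import csv
import io

# Assumption: the versions quoted in the article are the first patched builds.
PATCHED = {"android": (2, 19, 134), "ios": (2, 19, 51)}

# Constructed sample of an MDM-style export (hypothetical column names).
SAMPLE_INVENTORY = """device,platform,whatsapp_version
alice-pixel,android,2.19.98
bob-iphone,ios,2.19.51
carol-galaxy,android,2.19.134
dave-iphone,ios,2.19.50
erin-tablet,android,unknown
"""


def parse_version(text):
    """Turn '2.19.134' into (2, 19, 134); return None if it is not dotted numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def needs_update(platform, version_text):
    """True if the build is older than the patched one or cannot be verified."""
    minimum = PATCHED.get(platform.strip().lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return True  # fail closed: unknown platform or unparseable version
    # Tuples compare numerically, so 2.19.98 < 2.19.134 (a string compare
    # would wrongly rank "2.19.98" above "2.19.134").
    return version < minimum


def audit(inventory_csv):
    """Return the device names that should be updated."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [r["device"] for r in rows
            if needs_update(r["platform"], r["whatsapp_version"])]


if __name__ == "__main__":
    for device in audit(SAMPLE_INVENTORY):
        print("update required:", device)
```

Devices with an unreadable version string are reported too, since an unverified build should be treated as unpatched.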
 
It's been alleged that the malicious code was developed by the NSO Group. And here's where it gets spicy... NSO is a company that creates and sells spyware, and not on a small scale. Based in Israel, they advertise their 'services' to Middle Eastern and Western governments with the intention that their spyware will help fight terrorism and crime. Their flagship product is called 'Pegasus', a program that can monitor a phone's microphone and camera and do all kinds of nasty deeds. This has recently been sold to countries like Saudi Arabia which don't have the greatest track record when it comes to human rights.
 
It's not surprising that other countries such as Mexico are thought to have tried to infect journalists with this Pegasus spyware.
 
On May 12th a human rights lawyer's phone was targeted - unsuccessfully, mind you, but get this: this lawyer (who remains anonymous) is embroiled in a lawsuit against NSO. Representing Mexican journalists and Saudi dissidents, he or she is suing NSO in Israel, alleging that the company shares liability for abuse of its software.
 
It really gets your noggin joggin': unless a rogue state is engaging in hacks on behalf of or to protect NSO, the finger points to NSO themselves in the hacking of this lawyer - which would be pretty big news, and we definitely haven't heard the last of this either way. Alas, things are rarely as simple as they seem, so this is pure conjecture.
NSO is fighting a battle on another front: Amnesty International is pleading with Israeli courts to rescind NSO's export license, which allows them to sell their services to other countries. They make big claims, such as alleging NSO's products were used by the Saudis to track and trap individuals such as murdered journalist Jamal Khashoggi.
 
Evidently there's a lot going on here; more details are sure to follow in the coming days as more comes to light and the lawsuits progress.
 