Whatsapp Surveillance Attack: Facebook, the owner of Whatapps have recently confirmed the fact that Hackers are remotely surveillancing on their users smartphones and other devices. The hackers are utilizing a big vulnerability in WhatsApp to install a Whatsapp Surveillance Attack software on their target’s devices. Facebook informed their users, through a statement that the surveillance software is targeting a selected group of users and called the person behind the act to be advanced cyber actor.
Facebook came to know about this spyware earlier this month. This Whatsapp Surveillance Attack software is able to retrieve video footage and audio using the camera and microphone of the affected smartphones and other devices. It is also speculated that the surveillance software can read messages from the target user’s device. According to a report published in the Financial Times, this surveillance software is the one that has been developed by an Israeli company called NSO Group.
In order to prevent the users from getting affected by this spyware, Facebook has released a new update as on Friday and has urged all of it’s users to update their Whatsapp as soon as possible. The new update would be preventing the spyware from affecting new devices.
Whatsapp informed in a statement that a specific group of people are being targeted through this Whatsapp Surveillance Attack
system. The users who are being targeted through this spyware are the people who play an important role in the society. People who are Journalist, Lawyers, Human Rights activists and defenders, etc are likely to be the primary target’s of this spyware. By targeting such people, the hackers are aiming to get their hands on important and confidential information.
How the Surveillance software is installed?
For installing the Whatsapp Surveillance Attack software on the target users device, the hackers are using the Voice Call Feature of the WhatsApp. The hackers Call the target using WhatsApp’s Voice Call. Once the users receive the WhatsApp voice call, the spyware gets installed on their device, even if the user don’t attend the call. According to Financial Times, the voice call can also get unregistered from the user’s call log to prevent the Whatsapp users from getting suspicious.
The hackers are able to hack into the user’ devices using a vulnerability in Whatsapp. This app vulnerability has been described to be a Whatsapp VOIP (Voice Over Internet Protocol) stack vulnerability, which provides the hackers with the opportunity to remotely execute surveillance software codes through a specially crafted series of Secure Real-Time Transport Protocol packets, which are delivered to the target whatsapp user’s phone number.
A Buffer Overflow is an error where a program gets access to a memory location which it should not have access to. The hackers add their Malicious codes to such memory locations which are likely to get referenced in case of Buffer overflow. Hence the hackers are able to utilize the flaw in the VOIP of the WhatsApp to hack into the user’s devices.
The following is the list of some Do’s and Don’ts that you must follow to prevent youselves from being a victim of this spyware Whatsapp Surveillance Attack:
1. DO update you WhatsApp application from Google Play store.
2. DO keep your phone in offline mode, when not in use.
3. DO Keep your phone away while discussing valuable and confidential information.
4. DON’T send important or confidential information through WhatsApp.