What’s Going On With Facebook’s WhatsApp? Questions & Answers

Spyware was recently being installed on cell phones. This was due to an exploit in Facebook’s WhatsApp. We’re getting a lot of questions about the WhatsApp exploit, so we wanted to address some to the concerns people are having. Here’s what happened…

Attackers remotely installed surveillance malware on a few “selected” smartphones. They were able to listen to victims’ calls simply calling their phone numbers over a WhatsApp audio call. WhatsApp patched the vulnerability but it’s still recommended that you update your WhatsApp app just to be sure you won’t be affected.

What’s WhatsApp?

It’s a free messaging and Voice over IP (VoIP) service provided by Facebook. You can use it to send text messages, make voice and video calls and send images, documents and your location. It runs on mobile devices, but you can also use it on desktop computers.

How Did This Hack On WhatsApp Happen?

A buffer overflow vulnerability in WhatsApp VoIP allowed remote attackers to execute arbitrary code on targeted phones by sending a specially crafted series of SRTCP packets (Secure Real Time Control Protocol).

The vulnerability Is being identified as CVE-2019-3568.

This is a zero-day attack; meaning that it took place before the software developers had a chance to create a patch to fix it.

The hackers could install the spyware and steal data from a targeted Android or iPhone by merely placing a WhatsApp call, even when the call wasn’t answered.

What Phones Were Affected?

The CVE-2019-3568 vulnerability affects all except the latest version of WhatsApp on both Android and iOS phones. This flaw could have affected all 1.5 billion people using WhatsApp before Facebook finally patched it.

Facebook reported the following:

“The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.”

WhatsApp engineers discovered the vulnerability earlier this month and alerted the Department of Justice about the issue. WhatsApp says that they can confirm only a select number of people were targeted.

Who Is Responsible For The Attack?

We don’t know, but this spyware is made by NSO Group Technologies. They produce the most advanced mobile spyware available, and they sell it to governments, and law enforcement agencies worldwide, as well as dictatorial regimes.

NSO Group Technologies’ Pegasus spyware also allows hackers to access data from victims’ smartphones remotely, including their text messages, emails, WhatsApp messages, contact details, calls record, location, microphone, and camera. It can do this all without your knowledge.

How Can We Tell If We Were Listened To?

You can’t because the spyware erases all the incoming call information from your logs.

What’s Being Done?

Citizen Lab, a watchdog group at the University of Toronto, is investigating NSO Group Technologies’ activities. They think this vulnerability was used recently to attack a UK-based human rights lawyer.

What Should We Do?

Users of both iOS and Android should update their WhatsApp app to the latest version as soon as possible.

How Can We Protect Ourselves From Zero-Day Attacks Like This?

The best thing to do is to contact us to set up protection on your IT system that protects against advanced threats like zero-day attacks. You need an IT services company like Discovery I.T. that is also a Managed Security Services Provider (MSSP).

Cyber threats are evolving and more sophisticated than they were in the past. And they aren’t going away any time soon. Even large enterprises like Facebook and Under Armor, continue to be attacked even though they spend millions to protect their businesses from cyberattacks. They have the resources and capitol to stay in business when they’re attacked. But many small and mid-sized businesses like yours do not. Don’t let yourself become a victim!

How Will An MSSP like Discovery I.T. Protect Our Business?

With complete Managed IT Security Services to protect your data and your organization. You’ll get routine security scans, penetration and vulnerability testing and other security management processes to ensure the security of your organization and data.

Discovery I.T.’s MSSP services responds to today’s growing threats by using smarter 24/7 intelligence-driven services that focus on maximizing security and minimizing damage.

Your organization will be protected by:

  • Security Incident and Event Management (SIEM) that identifies, monitors, records and analyzes security events in real-time. This provides a centralized and comprehensive view of the security posture of your IT infrastructure.
  • Intrusion Detection Systems to automatically alert them when someone or something is trying to compromise your information system through malicious activities or security policy violations.
  • Intrusion Protection Systems that monitor network traffic and take action with an incident occurs based on prescribed rules. This is an active, real-time device, and will protect your network from threats, such as denial of service (DoS) and unauthorized usage.
  • Firewalls which are the first line of defense to block unauthorized access and unauthorized Web users or illicit software from gaining access to your network.
  • Antivirus Solutions that detect, prevent, and remove viruses, worms, malware and new threats from infecting your computers.
  • Vulnerability Testing to assess the security strength of your network. It locates the vulnerabilities and security gaps that can compromise the overall security, privacy and operations of your network.
  • Compliance Management to ensure your IT complies with any industry standards or government regulations your business must adhere to.

Discovery I.T. is your local MSSP in Southeast Texas.

Need more information about cybersecurity for your business in SE Texas? Visit our Blog.

Ransomware Hits Popular Cable TV Network

Microsoft Accounts Targeted For Months, Hackers Serve A Security Reminder

New Whaling Schemes: CEO Fraud Continues to Grow

Call Us: (409) 727-7080