WhatsApp has admitted on Monday that it has been affected by a vulnerability in its application that allowed hackers to install spyware on some phones and access the data contained in the devices.
WhatsApp has acknowledged in turn that it can not say how many people were affected, but assured that the victims were chosen “in a specific way”, so that in principle it would not be a large-scale attack.
Among those affected, there would be several organizations in defense of human rights , which has pushed the company to consider the involvement of “a private company that apparently works for states in order to provide spyware services.”
According to several experts, this company would be NSO Group, an espionage group of Israeli origin that has already acted in the past in a similar way.
THE NUMBER OF AFFECTED IS NOT KNOWN YET
The messaging app acquired by Facebook in 2014 confirmed all this information after its publication in the Financial Times .
WhatsApp immediately asked its 1.5 billion users to update “the application to its latest version” and keep the operating system up to date as a protection measure. The spyware had ability to infect phones with Apple operating system (iOS) or Google (Android).
At the time of publication of this news, WhatsApp has already released an update for both iPhone and Android mobile . Those who have version 2.19.51 on iOS and version 2.19.139 on Android, on paper, should already be protected.The spyware or spyware that was installed on the phones “resembles” the technology developed by the Israeli cybersecurity company NSO Group, which led WhatsApp to place it as the main suspect behind the spy program.
To alleviate future problems, the company has also worked during the last week to prevent similar attacks from being carried out in the future with other spyware.
HOW SPYWARE WORKS
The hackers made a call through WhatsApp to the phone whose data they wanted to access and, even if the receiver did not take the call, the program was installed inadvertently. Its sophistication is such that, subsequently, the call disappeared from the app’s history. This has made its identification almost impossible.
According to José Rosell , managing partner of S2 Grupo, the vulnerability allowed “an injection of code in the mobile device” that allowed “take control of the device.
It was “directed attacks, not massive” in which the attacker had to know who was his victim, it was necessary to know his phone. ” It’s a full-blown cyber-espionage campaign, ” says Rosell.
The most serious, in any case, is that WhatsApp knew the existence of this failure less than a month ago and, although it has warned users already affected of it, it is not clear how long it has been used to spy.
WhatsApp said that just after knowing that the attacks had occurred, he warned human rights organizations (which were among the victims of espionage), cybersecurity companies and the US Department of Justice.
That some of the affected organizations are platforms for the defense of human rights reinforces the hypothesis of involvement by the NSO Group, since its software has been used in the past to carry out attacks against this type of entities.
NSO Group, which operates in an opaque way and for many years did it secretly, designs spyware for its clients, among which are governments from all over the world, which use it to access mobile devices and obtain information.
However, Rosell believes that it is very difficult to attribute the authorship of the attack. Although the software itself is similar to the one used by NSO Group, this does not mean that the company is behind, which also makes it difficult to know who has been affected by it.
The first advice that Rosell gives to users, and that extends to any application, is ” do not wait even a minute to update the applications .” The new versions do not always include new functions, but that’s not why those that correct errors should be ignored.
“Absolutely all applications have vulnerabilities,” something that “is linked to the use that is made of them.” That is, the more they are used, the more faults they can discover. The problem is that until the sector does not know them, they can not be corrected and, in this case, being a directed attack, the tracks were more subtle and it took longer to patch WhatsApp.
On the other hand, he recommends ” using common sense “. “It is very difficult to detect an attack, but there are always clues.” This way, if you receive an unknown missed call -especially if it disappears later- or if the phone works strangely, you should go to a specialist.
In this sense, Rosell recalls that a person is also their environment and that, although at first glance you may think that your profile would not be attractive for an attacker, it could be because of your workplace or your contacts. Therefore, he says, “you always have to update.”