page contents
Connect with us

24 Hours Across Africa

WhatsApp advise users to update their apps after discovering ‘targeted’ surveillance attack

Published

on

Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed.

WhatsApp, which is owned by Facebook, said the attack targeted a “select number” of users, and was orchestrated by “an advanced cyber actor”.

DOWNLOAD ANTTENTION FRESH NEWS ON THE GO APP

A fix was rolled out on Friday.

On Monday, WhatsApp urged all of its 1.5 billion users to update their apps as an added precaution.

The attack was developed by Israeli security firm NSO Group, according to a report in the Financial Times.

The problem was first discovered earlier in May.

WhatsApp promotes itself as a “secure” communications app because messages are end-to-end encrypted, meaning they should only be displayed in a legible form on the sender or recipient’s device.

However, the surveillance software would have let an attacker read the messages on the target’s device.

“Journalists, lawyers, activists and human rights defenders” are most likely to have been targeted, said Ahmed Zidan from the non-profit Committee to Protect Journalists.

How do I update WhatsApp?

Android

  • Open the Google Play store

  • Tap the menu at the top left of the screen

  • Tap My Apps & Games

  • If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open

  • If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version

  • The latest version of WhatsApp on Android is 2.19.134

iOS

  • Open the App Store

  • At the bottom of the screen, tap Updates

  • If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open

  • If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version

  • The latest version of WhatsApp on iOS is 2.19.51

How was the security flaw used?

It involved attackers using WhatsApp’s voice calling function to ring a target’s device. Even if the call was not picked up, the surveillance software would be installed, and, the FT reported, the call would often disappear from the device’s call log.

WhatsApp told the BBC its security team was the first to identify the flaw, and shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said on Monday in a briefing document note for journalists.

The firm also published an advisory to security specialists, in which it described the flaw as: “A buffer overflow vulnerability in WhatsApp VOIP [voice over internet protocol] stack allowed remote code execution via specially crafted series of SRTCP [secure real-time transport protocol] packets sent to a target phone number.”

Prof Alan Woodward from the University of Surrey said it was a “pretty old-fashioned” method of attack.

“In a buffer overflow, an app is allocated more memory than it actually needs, so it has space left in the memory. If you are able to pass some code through the app, you can run your own code in that area,” he explained.

“In VOIP there is an initial process that dials up and establishes the call, and the flaw was in that bit. Consequently you did not need to answer the call for the attack to work.”

Some users of the app have questioned why the app store notes associated with the latest update are not explicit about the fix.

Tweet by Krutosh: How come there is no mention of security related bug fix in What's new?Image copyrightTWITTER

Who is behind the software?

The NSO Group is an Israeli company that has been referred to in the past as a “cyber-arms dealer”.

While some cyber-security companies report the flaws they find so that they can be fixed, others keep problems to themselves so they can be exploited or sold to law enforcement.

The NSO Group is part-owned by the London-based private equity firm Novalpina Capital, which acquired a stake in February.

NSO’s flagship software, Pegasus, has the ability to collect intimate data from a target device, including capturing data through the microphone and camera, and gathering location data.

In a statement, the group said: “NSO’s technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.

“The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.

“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organisation.”

Who has been targeted?

WhatsApp said it was too early to know how many users had been affected by the vulnerability, although it added that suspected attacks were highly-targeted.

Amnesty International – which said it had been targeted by tools created by the NSO Group in the past – said this attack was one human rights groups had long feared was possible.

“They’re able to infect your phone without you actually taking an action,” said Danna Ingleton, deputy programme director for Amnesty Tech. She said there was mounting evidence that the tools were being used by regimes to keep prominent activists and journalists under surveillance.

“There needs to be some accountability for this, it can’t just continue to be a wild west, secretive industry.”

On Tuesday, a Tel Aviv court will hear a petition led by Amnesty International that calls for Israel’s Ministry of Defence to revoke the NSO Group’s licence to export its products.

What are the unanswered questions?

  • How many people were targeted? WhatsApp says it is too early in its investigation to say how many people were targeted, or how long the flaw was present in the app

  • Does updating WhatsApp remove the spyware? WhatsApp has not said whether updating to the latest version of the app removes any spyware that has already infected a compromised device

  • What could the spyware do? WhatsApp has not said whether the attack could extend beyond the confines of WhatsApp, reaching further into a device and accessing emails, photos and more

“Using an app as an attack route is limited on iOS as they run apps in very tightly controlled sandboxes,” said Prof Woodward. “We’re all assuming that the attack was just a corruption of WhatsApp but analysis is still ongoing.

“The nightmare scenario would be if you could get something much more capable onto the device without the user having to do anything,” he said.

The BBC has asked WhatsApp for clarification.


@ Anttention Fresh,                
We work hard to ensure that any news brought to you is legitimate and valuable so we leave out the noise. This material, and other digital content on this website, may be reproduced, published, broadcast, rewritten or redistributed in whole or in part BUT give us credit as your source. 

JOIN AN ONLINE LEARNING COMMUNITY CLICK IMAGEonline training

Continue Reading
Advertisement

24 Hours Across Africa

Barcelona appoints ‘Valdes’ to coach their youth team

Published

on

The Spanish giant ‘Barcelona’ has appointed their legendary star victor Valdes to coach U19A team.

The Spaniard picked up UEFA A and B coaching licences after retiring from football last year and has now reunited with the Blaugrana

The 37-year-old racked up 539 appearances for Barca across all competitions over the course of 12 seasons between 2002 and 2014, winning 21 major titles in total.

Valdes picked up three Champions Leagues, six La Liga titles and won the Copa del Rey twice, earning legendary status at the club while also establishing himself as one of the finest shot-stoppers in Europe.

Barcelona released the following statement on their official website: “Victor Valdes is back at FC Barcelona after signing a contract on Friday morning to become the new head coach of the U19A team. The agreement binds him to the club until June 2020, with the option for an extension by one additional season.

The Spanish born has been enjoying with ED Moratalaz role in the fifth tier of Spanish football before Barcelona reach an agreement with him.

KINDLY FOLLOW US ON SOCIAL MEDIA & SHARE THIS STORY
INSTAGRAMLINKEDINYOUTUBETWITTER & FACEBOOK

@ Anttention FreshWe work hard to ensure that any news brought to you is legitimate and valuable so we leave out the noise. This material, and other digital content on this website, may be reproduced, published, broadcast, rewritten or redistributed in whole or in part BUT give us credit as your source. 

DOWNLOAD ANTTENTION FRESH NEWS ON THE GO APP
Submit Your Story: Click Here to Submit    Contact: allmails@antvt.com
Breaking News: SMS: +2347066663071, Whatsapp: +2347066663071, Email: allmails@antvt.com
TO UPLOAD & PROMOTE YOUR PRODUCTS CLICK IMAGE
JOIN AN ONLINE LEARNING COMMUNITY CLICK IMAGE

Continue Reading

24 Hours Across Africa

BMW and Tencent to team-up in developing self-driving cars

Published

on

(Reuters) – German automaker BMW (BMWG.DE) and Chinese online gaming giant Tencent Holdings (0700.HK) are teaming up to launch a computing center in China that will help develop self-driving cars in the world’s biggest auto market, the companies said on Friday.

The computing center, which will start operations by the end of the year, will provide cars with data-crunching capabilities to help them drive semi-autonomously and, eventually, autonomously.

The two companies did not disclose the investment in the center. Sources familiar with the deal said the center will be built in the eastern city of Tianjin.

The establishment of the center “will support BMW’s autonomous driving development and innovation in China,” Jochen Goller, head of BMW’s China operations, said in a statement.

“BMW can, therefore, develop autonomous driving solutions that fit better with the specific driving conditions in China.”

BMW said the new computing center will leverage Tencent’s cloud computing and big data, and provide the automaker with infrastructure needed to develop the autonomous cars.

The Munich-headquartered automaker says it will likely introduce semi-autonomous, or L3 classification, cars in China in 2021 which would need massive computing power to analyze real-time flow of digital information on road and traffic conditions.

Driverless cars need sophisticated data-crunching capabilities as they rely on so-called artificial-intelligence, or neuro-network technology, to help them “learn” from experience and could eventually drive themselves without human intervention.

BMW’s planned Chinese computing center follows the opening earlier this year of a similar computing center in Munich.

KINDLY FOLLOW US ON SOCIAL MEDIA & SHARE THIS STORY
INSTAGRAMLINKEDINYOUTUBETWITTER & FACEBOOK

@ Anttention Fresh,We work hard to ensure that any news brought to you is legitimate and valuable so we leave out the noise. This material, and other digital content on this website, may be reproduced, published, broadcast, rewritten or redistributed in whole or in part BUT give us credit as your source. 

DOWNLOAD ANTTENTION FRESH NEWS ON THE GO APP
Submit Your Story: Click Here to Submit    Contact: allmails@antvt.com
Breaking News: SMS: +2347066663071, Whatsapp: +2347066663071, Email: allmails@antvt.com
TO UPLOAD & PROMOTE YOUR PRODUCTS CLICK IMAGE
JOIN AN ONLINE LEARNING COMMUNITY CLICK IMAGE

Continue Reading

Facebook

Advertisement
Flag Counter
Advertisement

Trending

Copyright © 2018 Anttention Media. All rights reserved