
24 Hours Across Africa

WhatsApp advises users to update their apps after discovering ‘targeted’ surveillance attack


Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed.

WhatsApp, which is owned by Facebook, said the attack targeted a “select number” of users, and was orchestrated by “an advanced cyber actor”.


A fix was rolled out on Friday.

On Monday, WhatsApp urged all of its 1.5 billion users to update their apps as an added precaution.

The attack was developed by Israeli security firm NSO Group, according to a report in the Financial Times.

The problem was first discovered earlier in May.

WhatsApp promotes itself as a “secure” communications app because messages are end-to-end encrypted, meaning they should only be displayed in a legible form on the sender or recipient’s device.

However, the surveillance software would have let an attacker read the messages on the target’s device.

“Journalists, lawyers, activists and human rights defenders” are most likely to have been targeted, said Ahmed Zidan from the non-profit Committee to Protect Journalists.

How do I update WhatsApp?

Android

  • Open the Google Play store

  • Tap the menu at the top left of the screen

  • Tap My Apps & Games

  • If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open

  • If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version

  • The latest version of WhatsApp on Android is 2.19.134

iOS

  • Open the App Store

  • At the bottom of the screen, tap Updates

  • If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open

  • If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version

  • The latest version of WhatsApp on iOS is 2.19.51

How was the security flaw used?

It involved attackers using WhatsApp’s voice calling function to ring a target’s device. Even if the call was not picked up, the surveillance software would be installed, and, the FT reported, the call would often disappear from the device’s call log.

WhatsApp told the BBC its security team was the first to identify the flaw, and shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said on Monday in a briefing document note for journalists.

The firm also published an advisory to security specialists, in which it described the flaw as: “A buffer overflow vulnerability in WhatsApp VOIP [voice over internet protocol] stack allowed remote code execution via specially crafted series of SRTCP [secure real-time transport protocol] packets sent to a target phone number.”

Prof Alan Woodward from the University of Surrey said it was a “pretty old-fashioned” method of attack.

“In a buffer overflow, an app is allocated more memory than it actually needs, so it has space left in the memory. If you are able to pass some code through the app, you can run your own code in that area,” he explained.

“In VOIP there is an initial process that dials up and establishes the call, and the flaw was in that bit. Consequently you did not need to answer the call for the attack to work.”
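The class of bug named in the advisory, shown as an added example that is not WhatsApp's code and not part of the original report: a packet parser that trusts a length field set by the sender, next to a version that validates it before copying. The header layout follows the RTCP format in RFC 3550; the function names, the 64-byte buffer and the sample packet are assumptions made for illustration, since the details of the actual flaw are not given here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CTRL_BUF_SIZE 64 /* assumed size of the fixed receive buffer */

enum { PKT_OK = 0, PKT_TRUNCATED = -1, PKT_LENGTH_MISMATCH = -2, PKT_TOO_LARGE = -3 };

/* RTCP-style header (RFC 3550): bytes 2-3 hold the packet length in
 * 32-bit words minus one, big-endian. The sender controls this field. */
size_t declared_length(const uint8_t *pkt)
{
    return ((size_t)(((unsigned)pkt[2] << 8) | pkt[3]) + 1) * 4;
}

/* Overflow pattern: copies as many bytes as the header claims, without
 * checking the claim against the datagram or the destination buffer. */
void copy_packet_unchecked(const uint8_t *pkt, uint8_t *dst)
{
    memcpy(dst, pkt, declared_length(pkt));
}

/* Hardened form: every length is validated before any byte is copied. */
int copy_packet_checked(const uint8_t *pkt, size_t received,
                        uint8_t *dst, size_t dst_size, size_t *copied)
{
    if (received < 4)
        return PKT_TRUNCATED;          /* header itself is incomplete */
    size_t declared = declared_length(pkt);
    if (declared > received)
        return PKT_LENGTH_MISMATCH;    /* header claims more than arrived */
    if (declared > dst_size)
        return PKT_TOO_LARGE;          /* would not fit the destination */
    memcpy(dst, pkt, declared);
    *copied = declared;
    return PKT_OK;
}

int main(void)
{
    /* Constructed sample: 8-byte datagram whose header claims 1024 bytes. */
    uint8_t pkt[8] = { 0x80, 0xC8, 0x00, 0xFF, 0, 0, 0, 0 };
    uint8_t buf[CTRL_BUF_SIZE];
    size_t n = 0;
    int rc = copy_packet_checked(pkt, sizeof pkt, buf, sizeof buf, &n);
    printf("declared=%zu rc=%d\n", declared_length(pkt), rc);
    return rc == PKT_LENGTH_MISMATCH ? 0 : 1;
}
```

Because the length check runs on data that arrives before any user interaction, a parser like this is reachable without the call being answered, which is why validation has to happen at the first point the packet is read.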

Some users of the app have questioned why the app store notes associated with the latest update are not explicit about the fix.

Tweet by Krutosh: How come there is no mention of security related bug fix in What's new?

Who is behind the software?

The NSO Group is an Israeli company that has been referred to in the past as a “cyber-arms dealer”.

While some cyber-security companies report the flaws they find so that they can be fixed, others keep problems to themselves so they can be exploited or sold to law enforcement.

The NSO Group is part-owned by the London-based private equity firm Novalpina Capital, which acquired a stake in February.

NSO’s flagship software, Pegasus, has the ability to collect intimate data from a target device, including capturing data through the microphone and camera, and gathering location data.

In a statement, the group said: “NSO’s technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.

“The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.

“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organisation.”

Who has been targeted?

WhatsApp said it was too early to know how many users had been affected by the vulnerability, although it added that suspected attacks were highly-targeted.

Amnesty International – which said it had been targeted by tools created by the NSO Group in the past – said this attack was one human rights groups had long feared was possible.

“They’re able to infect your phone without you actually taking an action,” said Danna Ingleton, deputy programme director for Amnesty Tech. She said there was mounting evidence that the tools were being used by regimes to keep prominent activists and journalists under surveillance.

“There needs to be some accountability for this, it can’t just continue to be a wild west, secretive industry.”

On Tuesday, a Tel Aviv court will hear a petition led by Amnesty International that calls for Israel’s Ministry of Defence to revoke the NSO Group’s licence to export its products.

What are the unanswered questions?

  • How many people were targeted? WhatsApp says it is too early in its investigation to say how many people were targeted, or how long the flaw was present in the app

  • Does updating WhatsApp remove the spyware? WhatsApp has not said whether updating to the latest version of the app removes any spyware that has already infected a compromised device

  • What could the spyware do? WhatsApp has not said whether the attack could extend beyond the confines of WhatsApp, reaching further into a device and accessing emails, photos and more

“Using an app as an attack route is limited on iOS as they run apps in very tightly controlled sandboxes,” said Prof Woodward. “We’re all assuming that the attack was just a corruption of WhatsApp but analysis is still ongoing.

“The nightmare scenario would be if you could get something much more capable onto the device without the user having to do anything,” he said.

The BBC has asked WhatsApp for clarification.


@ Anttention Fresh,                
We work hard to ensure that any news brought to you is legitimate and valuable so we leave out the noise. This material, and other digital content on this website, may be reproduced, published, broadcast, rewritten or redistributed in whole or in part BUT give us credit as your source. 


Kenya: Popular author and gay activist dies.


Kenya’s prolific writer Binyavanga Wainaina, who was born in Nakuru in Rift Valley Province, has died after a short illness in Kenya.


He is popularly known for his debut book, a memoir entitled One Day I Will Write About This Place, which was published in 2011.


In January 2014, in response to a wave of anti-gay laws passed in Africa, Wainaina publicly announced that he was gay, first writing a short story that he described as a “lost chapter” of his 2011 memoir entitled “I am a Homosexual, Mum”, and then tweeting: “I am, for anybody confused or in doubt, a homosexual. Gay, and quite happy.”

Prize-winning Kenyan writer Binyavanga Wainaina has died in Nairobi after a short illness at the age of 48.

Wainaina was also named among Time Magazine’s 100 most influential people in 2014 for his gay rights activism.

He “demystified and humanized homosexuality,” author Chimamanda Ngozi Adichie wrote at the time.

Wainaina was one of the first high-profile Kenyans to openly declare he was gay and “he felt an obligation to chip away at the shame” that people felt about being gay, Adichie added.

Wainaina challenged Kenyans to rethink their negative stereotypes about homosexuality, Nyabola added.

“Inasmuch as homosexuality is illegal in Kenya, there are people who are very comfortable with their identity… but the public space for acceptance and respect has always been lacking and even characterised by violence,” Nyabola said.

“What he said is ‘look I’m here and I’m still the same person that you know and love and respect’… I think it’s incredibly powerful,” she added.

Homosexual relations are currently illegal in Kenya but the Supreme Court is due to rule on Friday whether to overturn the law banning them.



Algeria’s army chief shuns claims of political ambition.


Algeria’s army chief of staff said on Wednesday he had no political ambitions in response to democracy activists who say that he intends to copy the authoritarian model of Egypt.

The armed forces have been a pivotal power center in Algeria for decades and have been managing a transition after mass protests forced President Abdelaziz Bouteflika to resign last month after 20 years in office.

Street demonstrations have continued to press demands for a dismantling of the elite of independence veterans, security commanders and business tycoons that have run the major oil and natural gas producer since independence from France in 1962.

“Everybody should know that we have no political ambitions,” Lieutenant General Ahmed Gaed Salah told state television.

A presidential election has been scheduled for July 4 but an informed source said on Friday it might be postponed.

Algerian activists say they are concerned the army-steered transition toward democracy will prove illusory as in Egypt.

As Egypt’s army chief in 2013, Abdel Fattah al-Sisi toppled freely elected Islamist President Mohamed Mursi, won election himself in 2014 and then suppressed Mursi’s supporters as well as the liberal opposition in a pervasive crackdown on dissent.

In Algeria, analysts say the army fears the crisis will continue at a time of worsening disorder in neighboring Libya, where there is factional fighting for control of the capital Tripoli.

Salah also said a fight against corruption and cronyism, among protesters’ main grievances, would continue and that he disagreed with some officials who said this was not a priority.

Earlier this month a military judge placed Bouteflika’s youngest brother and two ex-intelligence chiefs in custody. They joined a string of businessmen and officials under investigation over corruption ahead of the presidential election.

Said Bouteflika, who served as a top adviser to the presidency, acted as Algeria’s de facto ruler after his brother suffered a stroke in 2013 that left him in a wheelchair.

Several businessmen, including Algeria’s richest man, Issad Rebrab, have also been placed in custody pending completion of investigations into corruption allegations.



Copyright © 2018 Anttention Media. All rights reserved