contador web Saltar al contenido

WhatsApp Security Failure: Questions and Answers to Understand the Case | Social networks

  • WhatsApp: Major glitch hits all cell phones; see how to protect yourself
  • See how to update WhatsApp on your phone

The information was released by the Financial Times newspaper yesterday and confirmed the same day by Facebook. WhatsApp claims that only a small group has been hit by the vulnerability and has released an update that prevents virus action in the application. Then ask your questions about the case and learn how to protect yourself.

WhatsApp recommends updating the app to fix security holes Photo: Marvin Costa / TechTudo WhatsApp recommends updating the app to fix security holes Photo: Marvin Costa / TechTudo

WhatsApp recommends updating the app to fix security holes Photo: Marvin Costa / TechTudo

Want to buy a cell phone, TV and other discounted products? Meet the Compare TechTudo

The detected spyware is called Pegasus and was developed by NSO, an Israeli company that provides government spy technology. The vulnerability discovered in the app could be exploited by hackers to insert malicious spyware code into data packets sent during the WhatsApp voice call process.

The attack does not require the victim to download the virus; You just have to get a voice call to get infected and you don't even have to answer the call for spyware to take action. When data is received, the WhatsApp vulnerability causes portions of the application's memory to be overwritten by malicious code and, as a result, control to be handed over to Pegasus.

According to WhatsApp representatives in an interview with the Financial Times, the number of users hit by the vulnerability "is in the tens," but the specific number of those affected was not disclosed. The messenger also shared that he suspected human rights activists had been targeted by the security breach, and told the newspaper that the biggest concern at the moment was "working with human rights groups to find out as much as possible about which ones might have been affected."

It is not clear who was hit by the vulnerability. Photo: Rodrigo Fernandes / TechTudoIt is not clear who was hit by the vulnerability. Photo: Rodrigo Fernandes / TechTudo

It is not clear who was hit by the vulnerability. Photo: Rodrigo Fernandes / TechTudo

Spyware is a spy program that monitors the activities of the system on which it was installed. It then sends the collected information to third parties via the Internet. This type of program was created for the advertising purpose of investigating users' habits to target advertisements, but hackers have infiltrated malicious code into the software to use for malicious purposes such as stealing confidential data.

4. What is the program for?

The NSO says the program was designed to help governments fight crimes, but there have been cases of attacks directed at human rights defenders. Citizen Lab, a University of Toronto online privacy research institute, on Monday revealed in its official Twitter account that a human rights lawyer suspected the target was vulnerable, but the attack was unsuccessful because the security update had already been installed.

Reuters news agency, a representative of Citizen Lab explained that the UK lawyer sought help from the institution after receiving WhatsApp voice calls from unknown numbers.

WhatsApp has just released an update that fixes the security hole. We believe an attacker tried (and was blocked by WhatsApp) to exploit it yesterday to target a human rights lawyer. This is the time to update WhatsApp.

On suspicion that human rights activists are targeted by an attack, Amnesty International said on Monday it supported legal action against the Israeli Ministry of Defense to revoke the production export license. from the company NSO.

5. What does the responsible company say?

In a Reuters statement, the NSO has pledged to investigate whether its technology has been misused and take action if necessary, but warned that the company does not choose or identify targets for its products. In addition, the institution ensured that "under no circumstances would it be involved in the operation or targeting of its technology, which is operated exclusively by intelligence and law enforcement agencies."

The NSO states that its technology is licensed to authorized government agencies "for the sole purpose of combating crime and terror", and that it does not operate the system itself, while having a rigorous licensing and verification process.

WhatsApp vulnerability checked by messenger security Photo: Helito Beggiora / TechTudoWhatsApp vulnerability checked by messenger security Photo: Helito Beggiora / TechTudo

WhatsApp vulnerability checked by messenger security Photo: Helito Beggiora / TechTudo

6. What does WhatsApp say about this?

WhatsApp notified the US Department of Justice to assist with the investigation, and recommended that all users update the app. WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted attacks designed to compromise information stored on mobile devices, the Financial Times said in a statement.

It is recommended that users update the application and install the latest available version, and "also keep the mobile phone operating system up to date to guard against possible breaches that compromise the device content." The new versions are now available for download for Android, iPhone (iOS), Windows Phone, and Tizen users. The business version WhatsApp Business has also been affected and has an update available.

What emoji is missing on your WhatsApp or Facebook keyboard? Give your opinion on the TechTudo Forum.

How to update WhatsApp on iPhone

How to update WhatsApp on iPhone