SoylentNews is people
SoylentNews
A WhatsApp Call Can Hack a Phone: Zero-Day Exploit Infects Mobiles with Spyware:
A security flaw in WhatsApp can be, and has been, exploited to inject spyware into victims' smartphones: all a snoop needs to do is make a booby-trapped voice call to a target's number, and they're in. The victim doesn't need to do a thing other than leave their phone on.
The Facebook-owned software suffers from a classic buffer overflow weakness. This means a successful hacker can hijack the application to run malicious code that pores over encrypted chats, eavesdrops on calls, turns on the microphone and camera, accesses photos, contacts, and other information on a handheld, and potentially further compromises the device. Call logs can be altered, too, to hide the method of infection.
To pull this off this intrusion, the attacker has to carefully manipulate packets of data sent during the process of starting a voice call with a victim; when these packets are received by the target's smartphone, an internal buffer within WhatsApp is forced to overflow, overwriting other parts of the app's memory and leading to the snoop commandeering the chat application.
Engineers at Facebook scrambled over the weekend to patch the hole, designated CVE-2019-3568, and freshly secured versions of WhatsApp were pushed out to users on Monday. If your phone offers to update WhatsApp for you, do it, or check for new versions manually. The vulnerability is present in the Google Android, Apple iOS, and Microsoft Windows Phone builds of the app, which is used by 1.5 billion people globally.
"A buffer overflow vulnerability in WhatsApp VoIP [voice over IP] stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number," said Facebook in an advisory on Monday.
"The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15."
[...] Pegasus, once installed on a victim's device, can record phone calls, open messages, activate the phone's camera and microphone for further surveillance, and relay back location data. While NSO claims it carefully vets its customers, the malware has been found on the phones of journalists, human rights campaigners, lawyers, and others.
Also at: Ars Technica, Facebook.
(Score: -1, Troll) by Anonymous Coward on Tuesday May 14 2019, @07:31PM
Khazar jews are running a coordinated system to infiltrate people's computers and phones, extract data and install malware. They are an evil race and are not ashamed about it. But they try to hide in the shadows so they can commit their crimes. Expose them and they run away like rats from underneath a carpet. Those gutter-born creatures are afraid of being found out.
A phone program called Whatsapp is being compromised by a program nemed Pegasus. Both are made and fully controlled by khazar jews. What are the chances this is a random occurrence? Similarly, Intel processors are compromised from the design stage.
This was coordinated by the two companies: Facebook and NSO (in khazar-controlled israel).