WhatsApp Vulnerability Is Used To Deploy Pegasus Spyware

WhatsApp is among those social media application which can be found in everyone phone. But if you are also an user of this app then there is a bad news for you. Recently researchers has detected a serious vulnerability in this software which has been exploited. According to a security report, an Israeli hacker company known as NSO Group. The company is known to develop Pegasus, which is a dangerous spyware capable to jailbreaks infected devices.It is really serious because the spyware is capable to use camera, microphone and to gather sensitive information of the user. The vulnerability is known as CVE-2019-3568, and it was first spotted by Financial Times.

What is CVE-2019-3568 Vulnerability In WhatsApp?

CVE-2019-3568 Vulnerability which is also known as WhatsApp 0-Day flaw is used by attackers to remotely install a data collecting software on some selected Smart phones. In WhatsApp VoIP stack it is also known as buffer overflow which allow hackers to execute remote code via specially designed SRTCP packets series which is sent to the target phone number. Now the question is, which version of WhatsApp is targeted by hackers? Well the security report suggest that vulnerability has allow hackers to target different version of WhatsApp for both the Android and iOS operating system. Here is the list of WhatsApp version which is infected by the Pegasus spyware :

  • WhatsApp for Android prior to v2.19.134,
  • WhatsApp Business for Android prior to v2.19.44,
  • WhatsApp for iOS prior to v2.19.51,
  • WhatsApp Business for iOS prior to v2.19.51,
  • WhatsApp for Windows Phone prior to v2.18.348,
  • WhatsApp for Tizen prior to v2.18.15

However, the CVE-2019-3568 vulnerability has already been detected by WhatsApp researchers the company was making some security improvements to the software. But till then the hackers has done their work and they are successful in targeting some smartphone using iOS or Android version of WhatsApp.

How This WhatsApp Flaw Works On Smartphone?

Hackers use unique way to utilize CVE-2019-3568 vulnerability In WhatsApp. Exploitation of the vulnerability is started by making voice call on WhatsApp to the targeted smartphones. The main intention is to manipulate data packets which is sent to the targeted device when this call get started. It doesn’t matter if the victim take the call or not, the exploit will work. The spyware also erase all the call incoming logs information from the victim device. Once the hacker gain access, they can steal WhatsApp message, calls record, device location, contact details, text messages and use microphone or camera without permission of the victim. This is really a serious matter because once they (hackers) get your details, they can misuse in several illegitimate activities.

However there is good news too, according to the WhatsApp official, they have patched the CVE-2019-3568 vulnerability. The company has also complain about the attack to US law enforcement so that they can get helped to do further investigation and take action against the culprit. Being a WhatsApp user you should also take it seriously and immediately install the latest version on your smartphone to prevent the attack.

About Author

Henry Sadakov

Henry Sadakov has a degree in Computer Science and specializes in web and mobile cybersecurity. He deals in removing the spyware and malware which has infected the mobile and other electronic devices. He is very dedicated to covering the top technical stories and providing useful tips for the everyday user, in an effort to reach and get rid of spyware from infected devices.

Leave a Reply

Your email address will not be published. Required fields are marked *