{"id":13295,"date":"2019-05-14T08:27:07","date_gmt":"2019-05-14T12:27:07","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/whatsapp-call-zeroday\/13295\/"},"modified":"2020-03-26T17:21:34","modified_gmt":"2020-03-26T13:21:34","slug":"whatsapp-call-zeroday","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/whatsapp-call-zeroday\/13295\/","title":{"rendered":"One call on WhatsApp is enough to establish surveillance"},"content":{"rendered":"

A recently discovered zero-day<\/a> vulnerability in the world\u2019s most popular messenger \u2014 WhatsApp \u2014 allowed hackers to eavesdrop on users, read their encrypted chats, turn on the microphone and camera, and install spyware<\/a> that allows even further surveillance, such as browsing through the victim\u2019s photos and videos, accessing their contact list, and so on. What\u2019s even worse, to exploit the vulnerability, all the hacker needs to do is call the victim on WhatsApp.<\/p>\n

What is known about the new WhatsApp vulnerability<\/h2>\n

Reliable information about the situation is in somewhat short supply at this point. What is known is that a specially crafted call can trigger a buffer overflow<\/a> in WhatsApp, allowing hackers to take control of the application and execute arbitrary code in it. It seems the attackers used that method not only to snoop on users\u2019 chats and calls, but also to exploit previously unknown vulnerabilities in the operating system, which allowed them to install applications on the device. And that\u2019s what they did, installing a spyware app.<\/p>\n

According to Facebook, which is the owner of WhatsApp, the vulnerability is now patched<\/a>. It affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15. That means only the very latest versions of the app are currently safe to use; the vulnerability was patched just a couple of days ago.<\/p>\n\n

Attempts to exploit this vulnerability have already been spotted in the wild. WhatsApp\u2019s security team had implemented some changes on the back end that allowed them to block attacks that relied on the vulnerability, but how many people were spied on and who they were have still not been disclosed.<\/p>\n

It is also not yet fully clear which spyware app exactly was being installed in the second stage of attack, but some parties<\/a> suspect that might be Pegasus<\/a>, the spyware famous for its supremely flexible infection capabilities.<\/p>\n

It\u2019s worth mentioning that such vulnerabilities are hard to exploit and that Pegasus (assuming it was Pegasus) is expensive malware used mostly by state-sponsored actors. That means that if you\u2019re of no interest to such high-profile spies, you\u2019re probably safe. However there\u2019s always a chance that the spying tools might be leaked and used by other actors, so it\u2019s wise to protect yourself.<\/p>\n

How to protect yourself from WhatsApp attacks<\/h3>\n

Our best suggestion at the moment is to make sure your WhatsApp is up to date. To do that, go to the Apple App Store or Google Play Store, look for WhatsApp and hit Update<\/em>. If there\u2019s no \u201cUpdate\u201d button, but you see the \u201cOpen\u201d button instead, that means you have the latest version of WhatsApp, and it is already patched against such attacks.<\/p>\n

We will update this post when we have more valuable information either on the attack or on other means of protection.<\/p>\n","protected":false},"excerpt":{"rendered":"

A newly discovered vulnerability allows hackers to eavesdrop on WhatsApp users, read their chats, and install spyware just by calling them. Update the app now!<\/p>\n","protected":false},"author":675,"featured_media":13296,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,1486],"tags":[1268,577,1831,682,268,520],"class_list":{"0":"post-13295","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-exploits","10":"tag-messengers","11":"tag-pegasus","12":"tag-spyware","13":"tag-vulnerabilities","14":"tag-whatsapp"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/whatsapp-call-zeroday\/13295\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/whatsapp-call-zeroday\/15766\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/whatsapp-call-zeroday\/6194\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/whatsapp-call-zeroday\/17675\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/whatsapp-call-zeroday\/15822\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/whatsapp-call-zeroday\/14552\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/whatsapp-call-zeroday\/18429\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/whatsapp-call-zeroday\/17314\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/whatsapp-call-zeroday\/22721\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/whatsapp-call-zeroday\/26941\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/whatsapp-call-zeroday\/11724\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/whatsapp-call-zeroday\/11805\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/whatsapp-call-zeroday\/10733\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/whatsapp-call-zeroday\/19216\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/whatsapp-call-zeroday\/23206\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/whatsapp-call-zeroday\/18370\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/whatsapp-call-zeroday\/22603\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/whatsapp-call-zeroday\/22537\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/whatsapp\/","name":"WhatsApp"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/13295","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/675"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=13295"}],"version-history":[{"count":3,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/13295\/revisions"}],"predecessor-version":[{"id":16210,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/13295\/revisions\/16210"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/13296"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=13295"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=13295"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=13295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}