Facebook is informing WhatsApp users of a serious vulnerability in the WhatsApp messenger service. An update that fixes the vulnerability has been available since yesterday evening, and Facebook strongly recommends installing it.
Attackers can use the vulnerability to install malware on an affected device and gain access to it. The attacker can then access all data on the device without the owner noticing.
According to Facebook, the vulnerability lies in the application's VoIP stack. With a simple WhatsApp call, the attacker can send specially crafted SRTCP packets to gain access to the device. It makes no difference whether the called party accepts, rejects or misses the call.
In addition to WhatsApp, the operating system should also be updated. The following WhatsApp versions are considered secure: v2.19.134 (Android), v2.19.44 (Business for Android), v2.19.51 (iOS and Business for iOS), v2.18.15 (Tizen) and v2.18.348 (Windows Phone).
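To check a device inventory against the versions listed above, the following added example (not code from Facebook or WhatsApp) compares installed versions numerically per platform. The platform keys, the inventory row format and the sample rows are assumptions constructed for illustration, as is treating any version at or above the listed one as fixed.

```python
# Added example: audit installed WhatsApp versions against the fixed versions
# named in the article. Platform keys and inventory rows are constructed.
FIXED = {
    "android": "2.19.134",
    "android-business": "2.19.44",
    "ios": "2.19.51",
    "ios-business": "2.19.51",
    "tizen": "2.18.15",
    "windows-phone": "2.18.348",
}

def parse_version(text):
    """Turn 'v2.19.134' into (2, 19, 134); raise ValueError on anything else."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(platform, installed):
    """Return 'ok', 'update-required', 'unparseable' or 'unknown-platform'."""
    key = platform.strip().lower()
    if key not in FIXED:
        return "unknown-platform"
    try:
        have = parse_version(installed)
    except ValueError:
        return "unparseable"  # needs manual review, never assumed safe
    need = parse_version(FIXED[key])
    # Pad to equal length so '2.19' compares as '2.19.0'.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    # Integer tuples, not strings: as text, '2.19.98' sorts above '2.19.134'.
    return "ok" if have >= need else "update-required"

def audit(rows):
    """rows: iterable of (device_id, platform, installed_version)."""
    return [(dev, classify(plat, ver)) for dev, plat, ver in rows]

INVENTORY = [  # constructed sample rows
    ("dev-01", "Android", "2.19.98"),
    ("dev-02", "Android", "v2.19.134"),
    ("dev-03", "iOS", "2.19.6"),
    ("dev-04", "Windows-Phone", "2.18.348"),
    ("dev-05", "Tizen", "unknown"),
    ("dev-06", "KaiOS", "2.0"),
]

if __name__ == "__main__":
    for dev, status in audit(INVENTORY):
        print(dev, status)
```

A plain string comparison would pass `dev-01` and `dev-03`, which is why the versions are compared as integer tuples.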
The vulnerability was discovered after a Canadian human rights lawyer became suspicious. He discovered several missed calls from Norwegian phone numbers. Since this seemed unusual to him, he turned to the Citizen Lab at the University of Toronto.
The malware was allegedly programmed by the Israeli company NSO. The human rights lawyer concerned is involved in several lawsuits against the company, which is accused of having sold spyware used to attack a dissident from Saudi Arabia, a Qatari and several Mexican journalists. NSO itself claims to sell its spyware exclusively to governments and only with the approval of its internal ethics committee.