// Hacking NEWS // A Vulnerability in WhatsApp Has Been Used to Spy On Smartphones Remotely

All it took was a VoIP call to install Pegasus, a particularly effective spyware program used by governments and law enforcement agencies around the world. An update of the messaging system is available.

Source
If you are using WhatsApp, update your application as soon as possible. A critical flaw allows you to hack into any remote smartphone, whether it is under iOS or Android, simply by initiating a VoIP voice call. The targeted person does not even need to answer this call.

And it's not just a theory. According to The Financial Times, this breach was used just last Sunday by a customer of the Israeli publisher NSO to install the Pegasus spyware on the smartphone of a British human rights defender. The attack was blocked by WhatsApp who discovered the flaw at the beginning of May and has since deployed a patch on its servers.
The update of WhatsApp's client software is available as of Yesterday.

We don't know how many smartphones could have been infected by Pegasus thanks to this flaw. Once installed, this spyware can, among other things, siphon e-mails, SMS and photos. It can also access the microphone and camera in real time.

The malware was analysed in 2016 by researchers from CitizenLab and Lookout, after recovering a copy on the iPhone 5s of Ahmed Mansoor, an Emirati human rights defender.

CitizenLab research has also shown that Pegasus has been installed on the device of a Saudi-Canadian activist and on at least 25 smartphones in Mexico, including journalists, lawyers and politicians.

A flaw in the VoIP signalling protocol

Until then, the software used a succession of three zero-day vulnerabilities to hack into the device and required the target to click on an HTML link. In this case, it is obviously much simpler.

We do not yet know all the technical details of this flaw. A security alert published by Facebook nevertheless indicates that the bug was at the level of SRTCP (Secure Real-Time Control Protocol), the signalling protocol used by WhatsApp for VoIP communications.

Sending a series of specially trained SRTCP packets allowed, according to Facebook, to cause a buffer overflow and, thus, to execute arbitrary code remotely.

Source: The Financial Times, via The Verge

Stay Informed, Stay Safe

• I've made a lot of articles with tools, explanations and advises to show you how to protect your privacy and to secure your computer, GO check them out!

  • This is my guide To Secure your PC after a fresh installation of Windows

  • If you think that your Phone or your PC has been hacked, you have to check it right now!

  • That's how you can be more Anonymous on the internet!

  • The Future of Cyber-Security, what to expect?

  • The best Crypto debit card – Wirex!

  • These are the best VPN to protect your numeric life: NordVPN, ExpressVPN and CyberGhost!

  • Your PC is slow? That's why!

  • Why is it important to Be Discreet on the Internet

  • The 4 security measures to put in place on your WIFI router

  • The Security guide everyone must have on holidays!

  • Feel hot? Your Computer also!

  • How an Adware works?

  • That's how you should guard against Trojan!

  • Why Antiviruses are not your friend?!

  • Basics tools to protect your Privacy and your Computer

  • What are the different Types of hackers?