WhatsApp, the most popular and widespread messenger in the world, has in recent months become one of the most dangerous applications. This is not the first time experts have accused the service of selling data and violating the secrecy of correspondence, but 2019 was especially scandalous for WhatsApp. Unknown attackers, having got hold of a program built for security forces and intelligence officers, spied on users, listened to their conversations, read their correspondence, and even turned on live video of their lives. The editors of “Lenta.ru” looked into what anyone who uses WhatsApp should be afraid of.
One phone call
In April 2019 Faustin Rukundo, a resident of the British city of Leeds, received a WhatsApp call from an unknown number. When he answered, he heard nothing, and the call quickly dropped. Rukundo tried to call back to find out what was the matter, but could not get through.
It struck him as odd: he googled the mobile number he had been called from, but found only that its code belonged to a Swedish provider. Some time later the calls resumed, now also from other unknown numbers. Rukundo was worried (as a refugee, he reacted nervously to the strange situation because he feared for his family) and changed his phone. Within just a few hours the callers reached him again, and again hung up when he tried to speak with them.
“Whenever I called back, no one answered. I realized that something was wrong when I began to notice that files were disappearing from the phone,” said Rukundo.
It turned out that his colleagues at the National Congress of Rwanda (a group in opposition to the local government) had also received strange calls from the same numbers. Rukundo realized what had happened only a month later, when media reports emerged about hacking via the messenger. “I changed my phone and realized my mistake. They were tracking my number and installed spyware on every new device, calling the same number,” he explained.
Later it turned out that at least 1.4 thousand people (probably many more) had fallen victim to the attack. The investigation that followed the series of incidents revealed that the real targets of the phone attacks were human rights activists, opposition leaders, diplomats, senior officials and journalists from more than 20 countries.
In May 2019 it became known that more than 1.5 billion WhatsApp users could have become victims of the hackers. The attackers exploited a vulnerability in the service, CVE-2019-3568, which allowed them to install spyware remotely. The malicious code, developed by the Israeli company NSO Group, was delivered through an incoming call: the attackers called the victims through the messenger, and the program installed itself on the device automatically. It worked on both iOS and Android devices, and infection occurred even if the user did not answer. As a rule, the record of the call immediately disappeared from the call log.
A few minutes after a missed call, the phone could transmit to a server all of its encrypted data, screenshots, private messages and location, and could turn on the camera and microphone at the attackers' command, essentially giving a live broadcast without the owner’s knowledge. This is how Pegasus, the flagship product of NSO Group, operated; its developers created it for the needs of intelligence officers.
Between January 2018 and May 2019, NSO Group created WhatsApp accounts using phone numbers registered in different countries, among them Cyprus, Israel, Brazil, Indonesia, Sweden and the Netherlands. The malicious code was disguised as call settings, which allowed the attackers to circumvent the messenger's protections, and the dangerous code looked as if it came from WhatsApp's own servers.
Company representatives claimed that the product is designed only for intelligence services and other authorities that need to fight terrorism and crime. With this technology, the relatively small Israeli company earned a market valuation of one billion dollars. It is known that a month before the attack was detected, a company representative boasted to investors that a security update from Apple was unable to fix “the vulnerability exploited by Pegasus”. The technology is considered so powerful that it is regulated by Israel's Ministry of Defense. Selling such serious programs on behalf of the state, or using them directly, could play into the hands of many officials and military officers. However, the local government has not publicly said anything that would hint at a special relationship with NSO Group.
After the break-ins were discovered, NSO Group representatives gave assurances that they carefully vet their clients and investigate the slightest abuse. They proudly said that Pegasus had helped to prevent terrorist attacks in dozens of countries, rescue many abducted children and curtail the activities of drug cartels. They launched a review of the attacks, stating that using the code against a specific law-abiding person or organization is impossible: according to them, the technology is accessible “solely to intelligence and law enforcement bodies”. However, a number of foreign media outlets learned that Middle Eastern human rights defenders and activists had earlier received WhatsApp text messages containing phishing links for installing Pegasus.
Having detected the attack, WhatsApp representatives brought in a team of employees who worked around the clock to fix the problem. Within a few days they managed to develop a new version of the messenger, which they advised all users without exception to install. However, management remains confident that NSO Group is entirely to blame: “This attack has all the signs of the activity of a private company which, as is known, cooperates with governments in the delivery of spyware that takes over the functions of mobile phone operating systems”. They contacted human rights organizations and staff of the Ministry of Justice.
Attack of the clones
While WhatsApp was working on fixing the vulnerability, the unknown attackers continued to go after their victims. The day before the updated version was released, an unnamed British human rights lawyer received a strange incoming call. Researchers from Citizen Lab, a laboratory at Canada’s University of Toronto that works on human rights protection and global security, attributed this case to the same series of break-ins. According to them, that attempt failed: “We had a strong suspicion that the person's phone could be targeted, so we observed the alleged attack and found that it did not lead to infection. We believe that the measures taken by WhatsApp in the last few days did not allow the attacks to go through successfully,” said Citizen Lab representative John Scott-Railton. Later, the unnamed lawyer helped a group of colleagues, which included several Mexican journalists and activists and a dissident from Saudi Arabia living in Canada, to sue NSO Group. In his opinion, the manufacturer is responsible for the misuse of its product.
Another well-known victim of the hacking is an employee of Amnesty International. The organization has a great deal of evidence that the developer of Pegasus is linked to attacks on human rights defenders and that the program is sold to literally anyone, which jeopardises the rights and safety of people around the world. “NSO Group sells its products to governments who are known for egregious human rights violations, providing them with the tools to track activists and critics. The attack on Amnesty International was the last straw,” said an indignant Danna Ingleton, Deputy Director of Amnesty Tech. The organization supported the request to revoke NSO Group's export licence; that question must be addressed by Israel's Ministry of Defence.
Fuel was added to the fire by a friend of the journalist Jamal Khashoggi, who was murdered in 2018. He said that the opposition journalist had been a victim of surveillance and wiretapping with the help of Pegasus, and that his ill-wishers tracked him to his last days, until they did away with him. NSO Group responded that none of its clients had used its software to infect Khashoggi's phone, and that it is sold only to responsible countries after careful vetting and with the approval of the Israeli government. However, the question of how legitimate it is to monitor dissidents or journalists in pursuit of the stated objectives remains open. The only thing known for certain is that on each device WhatsApp was chosen as the weak point.
In October, Facebook, the corporation that owns the messenger, sued the Israeli company in a California court. According to WhatsApp representatives, NSO Group and its parent company Q Cyber Technologies spied on the messenger's users by means of malware. Facebook intends to have the court deny them access to its platforms. This was the first such precedent in the application's existence. Facebook acknowledged that the creators of the code did not themselves hack the company's clients, but said they are nevertheless obliged to pay a penalty for their tool. The service called the case a “systematic attack” and intends to seek strict legislative control of cyber weapons and a moratorium on such attacks.
However, the misfortunes of WhatsApp users did not end there. In November 2019, Facebook employees, without drawing users' attention to it, published on the social network's website information about a fixed vulnerability in the messenger. It is known that hackers could have used it to install spyware on any device. To infect a device, an attacker only needed the victim's phone number. Experts noted that this flaw, which received the identifier CVE-2019-11931, is very similar in nature to CVE-2019-3568.
According to the researchers, it is a buffer overflow vulnerability: an attacker sends the victim a specially crafted MP4 file, which causes the device to malfunction, and meanwhile a dangerous program, a backdoor or spyware, is quietly installed on the device. According to Facebook employees, the problem affected all major platforms (iOS, Android and Windows) as well as the corporate version of the messenger. According to their assurances, the vulnerability was never exploited by hackers in targeted attacks.
At the beginning of the year, a Reddit user said that he had managed to circumvent the messenger's security system using the “share” function. Under certain circumstances and with certain settings, he was able to get into WhatsApp, bypassing Face ID or Touch ID. A few weeks before that, journalists from the British newspaper the Mirror revealed a simple way to restore a deleted contact in the messenger. For the archive of correspondence to load in its original form, one only has to delete the application and then install it again. This method works if the device has not been rebooted and the chat log has not been updated (by default this happens once a day).
Last year, WhatsApp was at the center of a scandal over frequent cases of brutal lynching in India. At that time, several dozen killings were caused by fake information that local people spread through the messenger. In India, hundreds of millions of people use the service for messaging all the time, and many of them mass-forwarded to their entire contact lists fake “sightings” of supposed child kidnappers. Most often the victims of the mob were foreigners or vagrants. The local government then shifted responsibility for what was happening onto WhatsApp representatives, while the Indian government limited itself to a series of warnings and announcements in local newspapers that such behavior was unacceptable. In January 2019, WhatsApp limited the forwarding of the same message to five times.
Pavel Durov, the creator of the rival messenger Telegram, has been closely following WhatsApp's problems. Two days after it became known that 1.5 billion WhatsApp users were at risk because of Pegasus, the businessman published a column titled “Why WhatsApp Will Never Be Secure”. According to Durov, the service's administration deliberately makes the messenger vulnerable so that the authorities and intelligence services can gain access to users' correspondence and calls. He denounced the hypocrisy and greed of the Facebook corporation, which is ready to sacrifice its customers for the sake of its own prosperity. “Every time WhatsApp has to fix a critical vulnerability in its app, a new one appears in its place. All of their security problems are well suited for surveillance; they look and work like backdoors,” Durov summed up.
On 20 November Durov appealed to all WhatsApp users to uninstall the application. He called the service a “Trojan horse” that not only fails to protect ordinary users but also allows their activity outside the application to be monitored. “All a hacker had to do was send you a video, and all of your data was at the mercy of the attacker,” Durov wrote in his Telegram channel, hinting at CVE-2019-11931. He recalled that he had already predicted an endless chain of security troubles for the messenger, in which each problem solved brings a new one with it. According to the founder of Telegram, the explanation is that Facebook took part for many years in the NSA program called PRISM, under which the authorities collect user data, and in 2019 no one has any reason to trust the corporation. He also recalled the admission of one of the messenger's founders, Brian Acton, that in selling it to Facebook he had given up “the privacy of its users” for a large sum.
Durov's statements caused a wide resonance. Representatives of Russian business and the Ministry of Communications said that the creator of Telegram is simply angry at a competitor that is taking away his audience. One expert noted that WhatsApp's problems may be connected to its large audience, since hackers are more likely to pay attention to a product with wider reach. However, most WhatsApp users often do not think about the risks the application poses to them, and are guided primarily by its prevalence and the habit of using the messenger. That is why the developers' struggle with the service's vulnerabilities is likely to continue.