WhatsApp Hack – Why you should always update your apps

August 3, 2020
whatsapp hacked nso group data Exfiltration vulnerability voip infosec information security privacy

WhatsApp has just recently released a new patch upgrade after Cybersecurity experts exposed its vulnerability upon stumbling the modus of the Israeli hacking adversaries called NSO Group. According to the report, WhatsApp has shallow security wherein speculation that this was neglected upon app development. Due to this, the NSO Group was able to hack devices that use the app by just ringing the WhatsApp registered number even if the call was not picked up. Exfiltration includes capturing contacts, photos, browsing history, and a list of installed apps.

Since the application used VoIP service, the communication is established through different levels of encryption from source to destination of data and vice-versa. An in-depth investigation of this ruckus shows that the fragility was a result of the buffer overflow within the complex encryption functionality of the application. The so-called feature includes Voice Quality augmentation that filters out the noise for better audio transmission. Speech Coder to reduce the bandwidth to establish VoIP calls, Session Initiation Protocol (SIP) for call control and moderation, and Real-Time Transport Protocol that controls the transmission of audio or video on the network. Overflows are then transferred to different memory storage that is free to accommodate the data fetch and transmission. Technically, hackers will initially target to overload any of the mentioned functionality, once it overflows, they can now inject their customized coded spyware and be able to do their malicious activity on the targeted account.


According to Facebook(Whatsapp Owner) official advisory, the issue was a common flaw to all VoIP services that are to be expected.


Upon discovering of the hacking incident, they have already mitigated an action plan to reduce the fatality damage of the attack. Based on the gathered pieces of evidence, the attack was categorized as a zero-day attack, which means that it will take time before patches can be issued to resolve the incident. In this case, the detection was reported early this May, and the patch update was just recently released. This is in addition to that they have confirmed that they were able to determine that the attack was classified to be specific to prominent activists and politicians only in which the affected were just a small percentage of its users.

WhatsApp moderator did not disclose further the details on how they discover about the intrusion nor answered the allegations that the app lacks imposed security protocol. They just advised their users to immediately do the update to avoid such an attack. On the other hand, the NSO Group also denies that they are behind the attack but admit that they co-authored the code used in this incident.

Cybersecurity experts advised that such a report is a wake-up call to many VoIP app services to do a pulse check on the app and strengthen the security imposed on it. The app services are widely used not only for personal communication but also in the business sector wherein possible money loss is inevitable.


About the author

Leave a Reply