Source : The Times of India, Last updated : 15 May 2019,6:14 am

WhatsApp discovers ‘spyware’ attack, asks users to update app

WhatsApp discovers ‘spyware’ attack, asks users to update app
BENGALURU: Popular messaging app WhatsApp has asked users to update their apps and mobile operating system (OS) following a suspected ‘spyware’ attack. Indian users will see new updates rolling out in the next 24-48 hours with a fix on the loophole that allowed the spyware attack to gain ‘remote access’ by just placing a WhatsApp Call.

To be sure, such attacks are highly lethal but have a precise focus, in terms of number of targets the attackers are eyeing.

The attacks are suspected to be from an Israeli firm as per global reports. In a statement to TOI, WhatsApp India spokesperson said updating the app and mobile OS will protect against potential targeted exploits designed to compromise information stored on mobile devices.

“We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users,” WhatsApp added in its statement. Some iOS users have already started getting a new update on theirs apps, TOI saw.

WhatsApp info

According to a data security expert, these attacks are termed ‘zero-day’ attack which have a hit rate of 100% and there is no firewall or antivirus that can stop them. For WhatsApp, India is one of its largest markets with over 200 million monthly active users. Remote access can control a mobile device to extract and change critical information on devices, including call logs and text messages.

“This would have a broader impact only when users don’t update their app or OS in the coming days. It could have a mass-level impact in the next three to four months if people continue to use the older versions. This has been the pattern in countries like India, China, Mexico where penetration is very high, but knowledge is very low,” said Hitesh Dharamdasani, director, AnexGate — a firm that helps companies against cyber-attacks with security solutions.

In April, the Facebook owned-WhatsApp first identified the vulnerability that could enable an attacker to insert and execute code on mobile devices. WhatsApp then moved to fix the flaw and late last week it made changes to the infrastructure to deny any ability for this kind of attack to take place. These are highly sophisticated attacks and the Menlo Park-based company is yet to arrive at the scale of the attack’s impact in terms of user base. Due to the nature of the attack, it is believed it could be limited to certain number of users.

Go to Source