Bahrain’s Anti-cybercrime cell has asked Whatsapp users here to update to the latest version of the app to rectify a vulnerability that allows spyware to be injected into a user’s phone.
As per reports, the Israeli cyber intelligence company NSO GROUP has developed the spyware. Attackers could transmit the malicious code to a target’s device by calling the user and infecting the call whether or not the recipient answered the call. Logs of the incoming calls were often erased, the report said.
“There was a fault in the WhatsApp application which could lead to the hacking of smartphones and e-devices,” the Director-General of Anti-corruption and Economic & Electronic Security said in a statement. The Anti-cyber Crime Directorate asked people to immediately update the application to its latest version.
“We also ask individuals to contact the department on 992 if they find their devices had been hacked, to learn about the necessary steps to take,” the statement added.
Migin Vincent, Threats Manager App
The Remote Code Execution (RCE) vulnerability (CVE-2019-3568) affecting the popular messaging platform WhatsApp was discovered earlier this month. According to the recent advisory published by Facebook, a buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via a specially crafted series of SRTCP packets sent to a target phone number.
“It can be exploited by calling a vulnerable device via the WhatsApp calling feature, which remotely installs the surveillance software on the device. “It should be noted that the calls did not have to be answered and often disappeared from the call logs. WhatsApp deployed a server-side fix on Friday last week and issued a patch for end-users on Monday alongside Facebook’s advisory.”
Users are advised to upgrade to the latest version of WhatsApp as soon as possible.
Amjad Taha, British Arab journalist and political analyst, Regional director of the British Middle East Center for studies and Research
This spyware clearly shows that many applications we use are not very secure, especially social media which is quite dangerous as well.
The incident also raises questions on a lot of cybersecurity issues. “Bahrain has an advanced cyber security team where they have succeeded a lot in countering terrorism. A lot of applications were pulled down along with their proxies. “Iran has been using a lot many contents to promote terrorism where Facebook has spoken about it too. “Iran has dozens of Facebook accounts and along with more than 23,000 twitter accounts used both by Iran and Qatar regimes.
“They also put links on websites to hacks accounts of journalists and rights activists monitoring the Iranian human rights situation and Qatar’s abuse of international law by supporting terrorism. “I was one of the victims of the Qatar regime’s hacking attempt. “My case is still in the court in the USA, where the New York Times has spoken about it.
“Qatar has tried to hack a lot of journalists through various ways and one of the prominent ways is through emails and spyware and also through various texting applications.
“Lastly, Bahrain as a nation has been very successful in safeguarding cybersecurity and tackling terrorism on Whatsapp and Facebook despite these apps putting a lot of individuals’ privacy in danger.”