WhatsApp Vulnerability Left iPhones Vulnerable to Israeli Spyware [Updated]

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, May 13, 2019.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    WhatsApp today disclosed a vulnerability that allowed hackers to remotely exploit a bug in the app's audio call system to access sensitive information on an iPhone or Android device.

    According to The New York Times, attackers were able to insert malicious code into WhatsApp, allowing them to steal data, regardless of whether or not a WhatsApp phone call was answered.

    Security researchers said that the spyware that took advantage of this flaw featured characteristics of the Pegasus spyware from NSO Group, which is normally licensed to governments who purchase the spyware for installing on the devices of individuals who are the target of an investigation.
    The vulnerability was described by WhatsApp as "nontrivial to deploy, limiting it to advanced and highly motivated actors," but it's not clear how long the security flaw was available nor how many people were affected. It was used to target a London lawyer who has been involved in lawsuits against the NSO Group, and security researchers believe others could have been targeted as well.

    WhatsApp engineers "worked around the clock" to address the vulnerability, and made a patch available on Monday. The initial vulnerability was discovered ten days ago after WhatsApp found abnormal voice calling activity following complaints from the aforementioned lawyer. WhatsApp says that it has notified the Department of Justice and a "number of human rights organizations" about the issue.

    Update: Reader comments suggested that some of the wording in this article was confusing or misleading, so we have updated it to make sure the details of the vulnerability are clear. Specifically, this issue impacted WhatsApp, not the iOS operating system.

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

    Article Link: WhatsApp Vulnerability Left iPhones Vulnerable to Israeli Spyware [Updated]
     
  2. McG2k1 macrumors regular

    Joined:
    Jun 22, 2011
  3. farewelwilliams macrumors 68020

    Joined:
    Jun 18, 2014
  4. Slix macrumors 65816

    Slix

    Joined:
    Mar 24, 2010
    #4
    Remember all the comments the other day about WhatsApp being more secure than iMessage?

    :rolleyes:
     
  5. pika2000 macrumors 601

    Joined:
    Jun 22, 2007
    #5
    Facebook: Nobody shall spy on our minions other than ourselves.
     
  6. Sasparilla macrumors 65816

    Joined:
    Jul 6, 2012
    #6
    Shocking (not), the top messaging app in many countries is compromised by a State run security agency. The question is whether this was by accident, partnership or from someone on the inside.

    Apple's OS's, messaging apps and ROMs have to be prime targets by just about every security agency out there.
     
  7. haruhiko, May 13, 2019
    Last edited: May 18, 2019

    haruhiko macrumors 601

    haruhiko

    Joined:
    Sep 29, 2009
    #7
    Original post removed due to misinformation. Sorry.
     
  8. macfacts macrumors 68040

    macfacts

    Joined:
    Oct 7, 2012
    Location:
    Cybertron
    #8
    So a bug in WhatsApp can install unsigned apps? That sounds like iOS has the bigger security bug
     
  9. stylinexpat macrumors 65816

    stylinexpat

    Joined:
    Mar 6, 2009
    #9
    So who here finds this surprising? This couldn't possibly happen from our ally now could it..? :rolleyes:o_O Maybe the Palestinians, Hamas, Iranians or Hezbollah was behind it o_O
     
  10. konqerror macrumors 6502

    Joined:
    Dec 31, 2013
    #10
    Uh no. WhatsApp was a Silicon Valley company. None of the founders are Israeli. The initial investor was a major Silicon Valley VC firm.
     
  11. m0sher macrumors 6502

    m0sher

    Joined:
    Mar 4, 2018
    #11
    Anyone else find it extremely disturbing Israelis spying?

    Luckily they don’t make phones.
     
  12. stylinexpat macrumors 65816

    stylinexpat

    Joined:
    Mar 6, 2009
    #12
    You forget?
     
  13. AxiomaticRubric macrumors 6502

    AxiomaticRubric

    Joined:
    Sep 24, 2010
    Location:
    On Mars, Praising the Omnissiah
    #13
    How did this vulnerability make it past the App Store review process? Do app reviewers take bribes to allow spy trash like this into apps?
     
  14. Mascots, May 13, 2019
    Last edited: May 13, 2019

    Mascots macrumors 68000

    Mascots

    Joined:
    Sep 5, 2009
    #14
    This exploit is sideloaded and delivered to WhatsApp outside of the App Store.

    The App Store itself does not vet apps for vulnerabilities (that would be impossible), but it does vet them for these types of warez directly.
    --- Post Merged, May 13, 2019 ---
    I just searched a little and it looks like this exploit is scoped solely to WhatsApp's VOIP stack (and within the sandbox) and whatever WhatsApp had permissions for. It will access all of your photos, if you've allowed WhatsApp access, for example.

    I can't find any evidence of any additional system exploiting, yet. But this seems why it's able to affect such a wide range of systems - it is spyware within WhatsApp itself.
     
  15. Intellectua1 Suspended

    Intellectua1

    Joined:
    Jun 3, 2016
    Location:
    Seattle, Washington
    #15
    Nah, not on iOS, it's so private and secure things like this or the carrier tracking situation could never be an iPhone issue. Yeah Privacy Timmy!
    --- Post Merged, May 13, 2019 ---
    iOS has been cracked most likely, the information just hasn't been leaked. There's nothing in this day and age that can't be exploited.
     
  16. m0sher macrumors 6502

    m0sher

    Joined:
    Mar 4, 2018
    #16
    Good example.

    I’m being naïve, every country is doing it, just that it’s illegal and I wonder what consequences we should start holding against those who do get caught?

    And more importantly what tech can do to prevent it and protect us?
     
  17. Shirasaki macrumors G3

    Shirasaki

    Joined:
    May 16, 2015
    #17
    No. No tech can prevent this from happening and protect people because people running those tech companies do not care about general public and their situations. This is always the problem of the people, not the tech.
     
  18. verpeiler macrumors 6502a

    verpeiler

    Joined:
    May 11, 2013
    Location:
    Munich, Germany
    #18
    I find Americans spying even more disturbing.
    Lucky they don’t make phones either.
     
  19. realtuner macrumors 6502a

    realtuner

    Joined:
    Mar 8, 2019
    Location:
    Canada
    #19
    Two ridiculous comments. So if iOS is the problem, how come the fix was done via a patch to the WhatsApp App itself and also a server side update to WhatsApp? How come there's no updates for iOS or Android (since, you know, this exploit also worked with WhatsApp on Android) to fix this issue?

    NVM, because Apple.
     
  20. Marshall73 macrumors 65832

    Marshall73

    Joined:
    Apr 20, 2015
    #20
    I’d say it’s arguably worse as they could remote install software to your phone which could do any number of things including scraping all of your information stored on the phone.
     
  21. farewelwilliams macrumors 68020

    Joined:
    Jun 18, 2014
    #21
    apps are sandboxed so even if it took over the whatsapp completely, it has no access to files outside what whatsapp is allowed to access. at least on iOS.

    of course Android is a different story.
     
  22. Marshall73 macrumors 65832

    Marshall73

    Joined:
    Apr 20, 2015
    #22
    This is true. Although there is the possibility of zero day exploits in iOS which would allow them to access data outside of the sandbox. A zero day bug like this would be far more dangerous when you already have access to the phone remotely.

    Many zero day exploits need physical device access or user interaction. And many hacks on other platforms require the use of multiple exploits to work.
     
  23. stylinexpat macrumors 65816

    stylinexpat

    Joined:
    Mar 6, 2009
    #23
  24. apolloa macrumors G4

    Joined:
    Oct 21, 2008
    Location:
    Time, because it rules EVERYTHING!
    #24
    Yes I was thinking that. I mean WhatsApp was obviously buggy, or considering Facebook own it, it was by design.... anyway, it had this bug that allowed it to completely bypass any and all iOS security??
    That’s a failure of the iOS coding is it not? It’s not protecting those back doors.
     
  25. gnasher729 macrumors P6

    gnasher729

    Joined:
    Nov 25, 2005
    #25
    "In this day and age" - how old are you?
    --- Post Merged, May 13, 2019 ---
    I would really like to know what are actual known facts, and what has been made up by some "journalist" based on their imagination, or on their wish to make the article found more interesting.

    If there is a bug in an application that allows a hacker to install software on an iPhone, then this is a major, major vulnerability in iOS. So there are clearly two possibilities: Either there is a HUGE vulnerability in iOS, or the bit of installing software on the iPhone is just in someone's imagination.
     
