WhatsApp Vulnerability Left iPhones Vulnerable to Israeli Spyware [Updated]

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, May 13, 2019.

  1. MacRumors macrumors bot


    Apr 12, 2001

    WhatsApp today disclosed a vulnerability that allowed hackers to remotely exploit a bug in the app's audio call system to access sensitive information on an iPhone or Android device.

    According to The New York Times, attackers were able to insert malicious code into WhatsApp, allowing them to steal data, regardless of whether or not a WhatsApp phone call was answered.

    Security researchers said that the spyware that took advantage of this flaw featured characteristics of the Pegasus spyware from NSO Group, which is normally licensed to governments who purchase the spyware for installing on the devices of individuals who are the target of an investigation.
    The vulnerability was described by WhatsApp as "nontrivial to deploy, limiting it to advanced and highly motivated actors," but it's not clear how long the security flaw was available nor how many people were affected. It was used to target a London lawyer who has been involved in lawsuits against the NSO Group, and security researchers believe others could have been targeted as well.

    WhatsApp engineers "worked around the clock" to address the vulnerability, and made a patch available on Monday. The initial vulnerability was discovered ten days ago after WhatsApp found abnormal voice calling activity following complaints from the aforementioned lawyer. WhatsApp says that it has notified the Department of Justice and a "number of human rights organizations" about the issue.

    Update: Reader comments suggested that some of the wording in this article was confusing or misleading, so we have updated it to make sure the details of the vulnerability are clear. Specifically, this issue impacted WhatsApp, not the iOS operating system.

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

    Article Link: WhatsApp Vulnerability Left iPhones Vulnerable to Israeli Spyware [Updated]
  2. McG2k1 macrumors regular

    Jun 22, 2011
  3. farewelwilliams macrumors 68020

    Jun 18, 2014
  4. Slix macrumors 65816


    Mar 24, 2010
    Remember all the comments the other day about WhatsApp being more secure than iMessage?

  5. pika2000 macrumors 601

    Jun 22, 2007
    Facebook: Nobody shall spy on our minions than ourselves.
  6. Sasparilla macrumors 65816

    Jul 6, 2012
    Shocking (not), the top messaging app in many countries is compromised by a State run security agency. The question is whether this was by accident, partnership or from someone on the inside.

    Apple's OS's, messaging apps and ROMs have to be prime targets by just about every security agency out there.
  7. haruhiko, May 13, 2019
    Last edited: May 18, 2019

    haruhiko macrumors 601


    Sep 29, 2009
    Original post removed due to misinformation. Sorry.
  8. macfacts macrumors 68040


    Oct 7, 2012
    So a bug in WhatsApp can install unsigned apps? That sounds like iOS has the bigger security bug
  9. stylinexpat macrumors 65816


    Mar 6, 2009
    So who here finds this surprising? This couldn't possibly happen from our ally now could it..? :rolleyes:o_O Maybe the Palestinians, Hamas,Iranians or Hezbollah was behind it o_O
  10. konqerror macrumors 6502

    Dec 31, 2013
    Uh no. WhatsApp was a Silicon Valley company. None of the founders are Israeli. The initial investor was a major Silicon Valley VC firm.
  11. m0sher macrumors 6502


    Mar 4, 2018
    Anyone else find it extremely disturbing Israelis spying?

    Luckily they don’t make phones.
  12. stylinexpat macrumors 65816


    Mar 6, 2009
    You forget?
  13. AxiomaticRubric macrumors 6502


    Sep 24, 2010
    On Mars, Praising the Omnissiah
    How did this vulnerability make it past the App Store review process? Do app reviewers take bribes to allow spy trash like this into apps?
  14. Mascots, May 13, 2019
    Last edited: May 13, 2019

    Mascots macrumors 68000


    Sep 5, 2009
    This exploit is sideloaded and delivered to WhatsApp outside of the App Store.

    The App Store itself does not vet apps for vulnerabilities (that would be impossible), but it does vet them for these types of warez directly.
    --- Post Merged, May 13, 2019 ---
    I just searched a little and it looks like this exploit is scoped solely to WhatsApp's VOIP stack (and within the sandbox) and whatever WhatsApp had permissions for. It will access all of your photos, if you've allowed WhatsApp access, for example.

    I can't find any evidence of any additional system exploiting, yet. But this seems why it's able to affect such a wide range of systems - it is spyware within WhatsApp itself.
  15. Intellectua1 Suspended


    Jun 3, 2016
    Seattle, Washington
    Nah, not on iOS, it's so private and secure things like this or the carrier tracking situation could never be an iPhone issue. Yeah Privacy Timmy!
    --- Post Merged, May 13, 2019 ---
    iOS has been cracked most likely, the information just hasn't been leaked. There's nothing in this day and age that can't be exploited.
  16. m0sher macrumors 6502


    Mar 4, 2018
    Good example.

    I’m being naïveté , every country is doing it, just that it’s illegal and I wonder what consequences we should start holding against those who do get caught?

    And more importantly what tech can do to prevent it and protect us?
  17. Shirasaki macrumors G3


    May 16, 2015
    No. No tech can prevent this happen and protect people because people running those tech companies do not care about general public and their situations. This is always the problem of the people, not the tech.
  18. verpeiler macrumors 6502a


    May 11, 2013
    Munich, Germany
    I find Americans spying even more disturbing.
    Lucky they don’t make phones either.
  19. realtuner macrumors 6502a


    Mar 8, 2019
    Two ridiculous comments. So if iOS is the problem, how come the fix was done via a patch to the WhatsApp App itself and also a server side update to WhatsApp? How come there's no updates for iOS or Android (since, you know, this exploit also worked with WhatsApp on Android) to fix this issue?

    NVM, because Apple.
  20. Marshall73 macrumors 65832


    Apr 20, 2015
    I’d say it’s arguably worse as they could remote install software to your phone which could do any number of things including scraping all of your information stored on the phone.
  21. farewelwilliams macrumors 68020

    Jun 18, 2014
    apps are sandboxed so even if it took over the whatsapp completely, it has no access to files outside what whatsapp is allowed to access. at least on iOS.

    of course Android is a different story.
  22. Marshall73 macrumors 65832


    Apr 20, 2015
    This is true. Although there is the possibility of zero day exploits in iOS which would allow them to access data outside of the sandbox. A zero day bug like this would be far more dangerous when you already have access to the phone remotely.

    A many zero day exploits need physical device access or user interaction. And many hacks on other platforms require the use of multiple exploits to work.
  23. stylinexpat macrumors 65816


    Mar 6, 2009
  24. apolloa macrumors G4

    Oct 21, 2008
    Time, because it rules EVERYTHING!
    Yes I was thinking that. I mean Whatspp was obviously buggy, or considering Facebook own it it was by design.... anyway, it had this bug that allowed it to completely bypass any and all iOS security??
    That’s a failure of the iOS coding is it not? It’s not protecting those back doors.
  25. gnasher729 macrumors P6


    Nov 25, 2005
    "In this day and age" - how old are you?
    --- Post Merged, May 13, 2019 ---
    I would really like to know what are actual known facts, and what has been made up by some "journalist" based on their imagination, or on their wish to make the article found more interesting.

    If there is a bug in an application that allows a hacker to install software on an iPhone, then this is a major, major vulnerability in iOS. So there are clearly two possibilities: Either there is a HUGE vulnerability in iOS, or the bit of installing software on the iPhone is just in someone's imagination.

Share This Page

51 May 13, 2019