Jessica Tabinor cyber
INDUSTRY NEWS | 3 MIN READ
WhatsApp discovers 'targeted' cyber attack.
Following the attack, users are being urged to update the app.
Sam Menelaou, Executive Manager at Morson provides an insight into the importance of cyber security.
It has been revealed that the popular WhatsApp messaging app, which is owned by Facebook, has fallen victim to a targeted cyber-attack. The attack is thought to have targeted a select number of users and was orchestrated by "an advanced cyber actor”, reportedly Israeli security firm NSO Group.
The hackers were able to remotely install surveillance software onto users’ mobile devices despite WhatsApp promoting itself as a secure communications app that has end-to-end encryption. The security was flawed due to the hackers being able to use the voice calling function to ring a targeted users’ device and place the surveillance software. The software would still be installed even if the call was not answered and engineers have stated that the people who were targeted may have had one or two missed calls from a number they did not know.
A spokesperson from WhatsApp said:
“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.”
The BBC reported that Prof Alan Woodward from the University of Surrey described the attack as a “pretty old-fashioned” method:
"In a buffer overflow, an app is allocated more memory than it actually needs, so it has space left in the memory. If you are able to pass some code through the app, you can run your own code in that area.”
"In VOIP there is an initial process that dials up and establishes the call, and the flaw was in that bit. Consequently, you did not need to answer the call for the attack to work."
Who has been targeted?
An official statement from WhatsApp revealed that it’s too early to determine how many people have been affected by the attack. However, it is believed that the hackers targeted specific users.
It is believed that a human rights organisation and a UK based lawyer may have been targeted in the attack.
Don’t worry, this doesn’t mean you need to delete the app!
The breach was discovered in early May and on Monday, WhatsApp advised its 1.5 billion users to update their app to the latest version as an added precaution. Updating the app ensures that any surveillance software that may be on your device is deleted and you are clear to continue using your phone as normal.
Morson recruits for roles in cyber security…
We understand that cyber security is seen as a top priority for modern businesses, data breaches and other cyber-attacks become increasingly common. Businesses need to ensure they have the right staff and skills in-house to protect themselves and their data, which has led to a steady increase in the demand for cyber security professionals.
Morson has a wealth of experience in the IT sector and has been involved in recruiting professionals for cyber security jobs for many years. Our IT and Cyber Security divisions have grown drastically over the last few years both organically and through acquisitions including The Bridge-IT and Anderselite, with each member of our team providing new expertise and skills.
Commenting on the WhatsApp data breach, Sam Menelaou, Executive Manager at Morson International said:
“WhatsApp plays a pivotal part in everyone’s day to day life being one of the most used apps and form of communication via smartphones, which is why Facebook paid $19 billion to purchase WhatsApp back in 2014. Hearing about cyber attacks such as this makes you realise the importance of cyber security. We work with clients who have been subject to large cyber attacks themselves, and also help clients prepare and put the correct security in place for potential attacks. Cyber security is now an essential part of many companies, if not everyone.”
Through the years we’ve spent supplying cyber security personnel, we’ve built strong working relationships with a variety of high-profile clients in the sector. We recruit for a variety of different roles, for both permanent and contract personnel, as well as those looking for more niche roles.