You are here: Home » News-IANS » Defence-Security
Business Standard

'WhatsApp breach has huge privacy implications'

IANS  |  New Delhi 

The victims of the latest attack may have lost important personal information including location data and email content, say experts.

A bug in the Facebook-owned messaging app's audio call feature allowed hackers to install onto and iOS phones just by calling the target.

The was reportedly developed by the Israeli cyber intelligence company

"The bug can be exploited based on a decades-old type of vulnerability - a buffer overflow," Carl Leonard, Principle Analyst at cybersecurity company Forcepoint, said in a statement on Wednesday.

"While no details of the actions taken by this malware have emerged, one could assume that an attacker may seek out bulk contact lists, email data, location data or other personal information," Leonard said.

has not yet shared much details on the nature of the attack and its implications, but it said it had provided information to the US to help them conduct an investigation.

"We are early in our investigation and we don't have numbers to share though this is a relatively small amount of people," said WhatsApp, while urging its 1.5 billion users to update the app.

The company did not immediately share how the attack impacted users in

"Unbeknownst to the victims, the attackers obtained complete access to everything on the their mobile devices: personal and corporate information, email, contacts, camera, microphone, and the individual's location," Brian Gleeson, at wrote in a blog post on Tuesday.

WhatsApp, however, said that earlier this month, it identified and "promptly" fixed the vulnerability that could enable an attacker to insert and execute code on

The spyware developed by the had the capability to attack both and

In fact, according to a report in the Financial Times, the secretive Israeli company called in its sales people last month to talk about its software that can even breach the privacy of users.

The executives from the made a claim that it had figured out a way to "drop its payload", a piece of software called Pegasus that can penetrate the darkest secrets of any iPhone, using just one simple missed call on WhatsApp, said the report citing one unnamed person at the meeting.

The phone starts revealing its encrypted content shortly after the missed call.

"It then transmits back the most intimate details such as private messages or location, and even turns on the camera and microphone to live-stream meetings," said the report.

While the software itself is not new, the hack was an enticing new "attack vector", the person was quoted as saying.

"The WhatsApp hack illustrates that despite their best efforts, and cannot completely secure the users of running their operating systems," Gleeson of Check Point said.

"In order to ensure users are properly protected, a must be in place that can prevent spyware from gathering intelligence on their targets," he added.

--IANS

gb/bg

(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)

First Published: Wed, May 15 2019. 19:40 IST
RECOMMENDED FOR YOU
RECOMMENDED FOR YOU