Access Management , Application Security , Cloud Security
WhatsApp Exploit Reveals 'Legalized Hacking' at WorkAlan Woodward on Nation-States Buying 'Equipment Interference' Tools and Spyware
Facebook has warned all WhatsApp users to immediately update their software, after it discovered that attackers having been abusing a zero-day flaw to push malware.
"It's a bit of a nightmare scenario, really," says cybersecurity expert Alan Woodward, a professor at the University of Surrey (see Attackers Exploit WhatsApp Flaw to Auto-Install Spyware).
That's because the vulnerability in WhatsApp's signaling software enabled attackers, for an as-yet-unknown period of time, to create a buffer overflow in the messaging app, which appears to have allowed them to install Pegasus. That commercial spyware program, sold to governments by Israel's NSO, could surreptitiously enable the target's microphone, intercept data and more.
At the same time, attackers would also have been able to alter call logs, leaving no evidence that they had remotely hacked into iOS, Android, Windows Mobile or Linux-based smartphones.
In the interview (see audio link below photo), Woodward also discusses:
- The flaw in WhatsApp and how it was exploited;
- Unanswered questions surrounding the exploit of the WhatsApp flaw;
- Why nation states of a certain size procure off-the-shelf surveillance tools.
In addition to his role as visiting professor at the department of computing at England's University of Surrey, Woodward is non-executive director at TeenTech, which encourages teenagers to pursue careers in the fields of science, engineering and technology.