Wonderful Engineering

This Is How Hackers Have Been Using Voice Calls To Spread Spyware

At the start of this week, it came to light that a vulnerability in WhatsApp enabled hackers to spread spyware to smartphones via phone calls made through the app. The hackers exploited a buffer overflow vulnerability in WhatsApp that, according to the company, was fixed quickly.

A buffer overflow is exactly what it sounds like: an issue that can arise when an app is handed more data than it can store in its buffer, or temporary storage space. Rik Ferguson, the vice president of security research at Trend Micro, said, ‘A buffer overflow occurs when a programming error allows more data to be written to a given area of memory than what can actually be stored there. The extra data flows into adjacent storage, corrupting or overwriting the data previously held there, and can cause crashes, corruptions, or serve as an entry point for further intrusions.’
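The following C program is an added illustration of the mechanism Ferguson describes and of the bounds check that prevents it. It is not WhatsApp's code and does not reproduce the actual flaw. The memory layout, the one-byte length-prefixed message format and all names are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   8   /* the fixed-size buffer */
#define ARENA_SIZE 16  /* buffer plus the storage directly after it */

/* Constructed layout: mem[0..7] is the buffer, mem[8..15] is adjacent state. */
typedef struct { uint8_t mem[ARENA_SIZE]; } arena_t;

/* Constructed sample: pkt[0] declares 12 payload bytes for an 8-byte buffer. */
const uint8_t OVERSIZED[13] = {12, 'A','A','A','A','A','A','A','A','A','A','A','A'};

void arena_init(arena_t *a) {
    memset(a->mem, 0, BUF_SIZE);
    memcpy(a->mem + BUF_SIZE, "SETTINGS", 8);
}

int adjacent_intact(const arena_t *a) {
    return memcmp(a->mem + BUF_SIZE, "SETTINGS", 8) == 0;
}

/* Flawed: checks the declared length against the packet, not the buffer. */
int parse_unchecked(arena_t *a, const uint8_t *pkt, size_t pkt_len) {
    if (pkt_len < 1 || (size_t)pkt[0] > pkt_len - 1) return -1;
    size_t n = pkt[0];
    if (n > ARENA_SIZE) n = ARENA_SIZE; /* keeps this simulation defined C */
    memcpy(a->mem, pkt + 1, n);         /* can run past mem[BUF_SIZE - 1] */
    return 0;
}

/* Hardened: also rejects any payload larger than the destination buffer. */
int parse_checked(arena_t *a, const uint8_t *pkt, size_t pkt_len) {
    if (pkt_len < 1 || (size_t)pkt[0] > pkt_len - 1) return -1;
    if (pkt[0] > BUF_SIZE) return -1;
    memcpy(a->mem, pkt + 1, pkt[0]);
    return 0;
}

int main(void) {
    arena_t a;
    arena_init(&a);
    int rc = parse_unchecked(&a, OVERSIZED, sizeof OVERSIZED);
    printf("unchecked: rc=%d adjacent intact=%d\n", rc, adjacent_intact(&a));
    arena_init(&a);
    rc = parse_checked(&a, OVERSIZED, sizeof OVERSIZED);
    printf("checked:   rc=%d adjacent intact=%d\n", rc, adjacent_intact(&a));
    return 0;
}
```

The arena stands in for real adjacent memory, so the overwrite can be observed without relying on undefined behaviour.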

The hackers exploited the buffer overflow bug in WhatsApp through its voice call function. They were able to install spyware on smartphones without the owners’ knowledge. The exploit worked even if the victim didn’t answer the call. How can this be? WhatsApp’s call function works similarly to that of many other popular messaging apps: it uses Voice over Internet Protocol (VoIP), which enables users to place or receive calls over the Internet instead of a standard telephone line.

When you receive a call via WhatsApp, the app sets up the VoIP transaction and the encryption that is required, according to Ferguson. Once this has been done, the app notifies the user about the incoming call and asks whether to accept, decline, or ignore it. Ferguson says, ‘It is my understanding that the buffer overflow exploit occurs during this phase, which is why the recipient does not need to answer the call to be successfully compromised.’

Buffer overflow vulnerabilities are not new. In fact, they have existed for quite some time and date back to the Morris worm from 1988. Ferguson, while talking about buffer overflow vulnerabilities, says, ‘Finding them is difficult and successful exploitation even more complex, but attackers and researchers still regularly do so.’ The malicious code used for the WhatsApp attack was developed by the Israeli firm NSO Group, the company behind the product called Pegasus. Pegasus can be used for activating a smartphone’s camera and microphone.

WhatsApp has not released details about how many users have been affected but has urged its users to upgrade to the latest version of the app.