WhatsApp Vulnerability Discovered
Privacy is difficult to manage when all it takes is a WhatsApp voice call to access the entire contents of your phone. In this Risk Alert, we break down the recent WhatsApp exploit and the challenges it presents for those managing cyber exposure.
What happened?
An Israeli cyber security organisation, the NSO Group, discovered a vulnerability within the Facebook-owned WhatsApp messaging app that allows hackers to install spying software on both iOS and Android phones running the app. Hackers were able to gain full remote access to devices, including the camera and microphone functions.
The NSO Group stated that “A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.” In layman’s terms, a problem with the WhatsApp call function could be exploited to allow for the execution of malicious code – primarily the installation of spying software. Most alarmingly, the exploit did not require any action from the owner of the device in order to be effective. WhatsApp has since updated the app and addressed the vulnerability. It has indicated that only a select number of users were targeted.
Data Breach Watch
Singapore Red Cross
Over 4,000 individuals who had registered their interest in donating blood have had their personal information breached. The leaked data primarily contained contact details and blood types. External forensic consultants have been engaged to investigate and Singapore Red Cross has self-reported to the Personal Data Protection Commission. It is suspected that a weak administrator password may have been exploited.
The data breach follows a series of events affecting the health industry in Singapore, including the SingHealth data breach in 2018, the breach of the HIV registry and the improper online publishing of records belonging to 800,000 people who have donated blood by a Health Sciences Authority vendor in March of 2019.
Fast Retailing
Fast Retailing, the company behind two of Japan’s biggest clothing brands – Uniqlo and GU – has alerted customers that over 460,000 online accounts have been compromised by malicious actors. The attackers appear to have utilised a “credential stuffing” attack, farming user ID and password combinations from previous data breaches from the dark web and testing these combinations at a high frequency. Where customers used the same combination for other accounts and did not activate two-factor authentication, their profiles were vulnerable.
The attack serves as a good reminder to individuals to carefully manage user ID and password combinations across different online accounts – particularly where they have already been the victim of a breach. Two-factor authentication, where available, offers a further level of protection. For organisations holding this data, increased vigilance over online customer behaviour is critical. Even when user activity appears legitimate, customers will expect companies to recognise suspicious account usage.
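As an added illustration of what recognising suspicious account usage can look like (example code written for this alert, not taken from Fast Retailing or any vendor), the sketch below flags a source address that tries many different user IDs in a short window with mostly failed logins, and reports the accounts that did log in from that source so they can be reviewed even though the login itself looked legitimate. The event format, thresholds and sample data are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed sliding window per source
MIN_DISTINCT_USERS = 5          # assumed: distinct user IDs tried by one source
MIN_FAILURE_RATIO = 0.8         # assumed: share of failed attempts in the window

def build_sample_events():
    """Constructed login events: (timestamp, source_ip, user_id, success)."""
    t0 = datetime(2019, 5, 1, 9, 0, 0)
    events = []
    # One source tries ten different user IDs two seconds apart; one succeeds.
    for i in range(10):
        events.append((t0 + timedelta(seconds=2 * i), "203.0.113.7", f"user{i}", i == 6))
    # An ordinary customer mistypes a password once, then logs in.
    events.append((t0 + timedelta(seconds=5), "198.51.100.20", "alice", False))
    events.append((t0 + timedelta(seconds=40), "198.51.100.20", "alice", True))
    return sorted(events)

def detect_stuffing(events):
    """Map each flagged source to the user IDs that logged in successfully from it."""
    by_source = defaultdict(list)
    for ev in sorted(events):
        by_source[ev[1]].append(ev)
    flagged = {}
    for src, evs in by_source.items():
        start = 0
        for end in range(len(evs)):
            # Shrink from the left until the window spans at most WINDOW.
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1
            window = evs[start:end + 1]
            users = {user for _, _, user, _ in window}
            failures = sum(1 for *_, ok in window if not ok)
            if len(users) >= MIN_DISTINCT_USERS and failures / len(window) >= MIN_FAILURE_RATIO:
                # Successful logins inside a flagged window are likely reused credentials.
                flagged.setdefault(src, set()).update(u for _, _, u, ok in window if ok)
    return {src: sorted(users) for src, users in flagged.items()}

if __name__ == "__main__":
    for src, users in detect_stuffing(build_sample_events()).items():
        print(f"{src}: review successful logins for {users}")
```

A per-source rule like this misses attacks spread across many addresses, so it complements rather than replaces per-account signals and two-factor authentication.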