BBC today reported that a vulnerability on the famous online messaging application WhatsApp helped hackers to install surveillance software on phones using the voice call. The attack is discovered earlier this month and a fix was rolled out on last Friday, So it is advised that everyone update the WhatsApp to the latest version.
Attackers can just call target’s phone number and even if the call is not picked up the surveillance software would be installed. And the call will be removed from the call log so that the victim may not even identify.
Prof Alan Woodward from the University of Surrey said it was a "pretty old-fashioned" method of attack.
"In a buffer overflow, an app is allocated more memory than it actually needs, so it has space left in the memory. If you are able to pass some code through the app, you can run your own code in that area," he explained.
"In VOIP there is an initial process that dials up and establishes the call, and the flaw was in that bit. Consequently you did not need to answer the call for the attack to work."
An Israel company named NSO owned by US investment firm Francisco Partners is behind the software