New Delhi: If you have received an MP4 video file on WhatsApp from an unknown number, you could be a victim of a new kind of hacking that uses a recently discovered WhatsApp vulnerability to install malicious spyware on phones.
This security vulnerability allowed a remote attacker to target phones by sending a video file in MP4 format.
When notified about the security breach, the Indian Computer Emergency Response Team (CERT) categorised the threat under the "High Severity" category.
Pegasus-like features
Israel-based spyware maker NSO Group was under the spotlight recently for allegedly providing technology [Pegasus spyware] that used WhatsApp's video calling feature to attack users' phones.
A security message notified by WhatsApp's parent company Facebook said, "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user."
The advisory for this vulnerability, identified as CVE-2019-11931, is similar to the one received by CERT from WhatsApp during the Pegasus snooping case.
According to the communication, this weakness could allow a remote attacker to force "Denial of Services (DoS) and Remote Code Execution (RCE)" which could be used to compromise any device running Android, iOS or Windows.
An attacker could use a person's cell number to send a video file through WhatsApp and install an unwanted program on their phone by exploiting this vulnerability.
This security issue existed in both the individual and business versions of the popular messaging app until updates were rolled out in October this year.
Although the latest security patch from WhatsApp claims to have fixed this problem, WhatsApp and Facebook have not given further details about the extent of possible execution of this exploit.
This comes even as the controversy around WhatsApp snooping refuses to die down, where phones of over a dozen activists, journalists and lawyers were allegedly compromised by an Israel-made spyware.
WhatsApp has been under fire for not providing adequate information to Indian authorities about the extent of attacks during the Pegasus breach. The messaging app has sued NSO Group in a US court for violating its terms and conditions.
Government sources had earlier claimed that the information provided by WhatsApp was more of a "technical jargon" which didn't give much information about the victims and the extent of such attacks. WhatsApp had informed users separately about a possible Pegasus attack on their devices.
Similar to the Pegasus incident, this vulnerability is also being called "a stack-based buffer overflow vulnerability".
According to CERT, "The exploitation does not require any form of authentication from the victim end and executes on downloading of malicious mp4 file on victims system."
Courtesy: www.indiatoday.in
London, Nov 22: A bomb disposal squad deployed as a “precaution” to the South Terminal of Gatwick Airport concluded an investigation into a "security incident" on Friday after making a “suspect package” safe.
The South Terminal of Gatwick Airport, the UK's second busiest airport after Heathrow, was briefly shut owing to the incident and has since reopened.
Gatwick is around 45 km south of London.
Two people detained during the enquiries have since been allowed to continue their journey as the airport was opened.
“Police have concluded their investigation into a report of a suspect package at Gatwick Airport. Officers from the EOD (Explosive Ordnance Disposal) team made the package safe, and the airport has been handed back to its operator,” Sussex Police said in an updated statement.
“Two people detained while enquiries were ongoing have subsequently been allowed to continue their journeys. There will remain an increased police presence in the area to assist with passengers accessing the South Terminal for onward travel,” the statement added.
Earlier on Friday, the incident caused severe disruption at the busy airport’s South Terminal, while the North Terminal of Gatwick Airport remained unaffected.
“Police were called to the South Terminal at Gatwick Airport at 8.20 am on Friday (November 22) following the discovery of a suspected prohibited item in luggage,” a Sussex Police statement said.
“To ensure the safety of the public, staff and other airport users, a security cordon has been put in place whilst the matter is dealt with. As a precaution, an EOD (Explosive Ordnance Disposal) team is being deployed to the airport. This is causing significant disruption and some roads around the South Terminal have been closed. We’d advise the public to avoid the area where possible,” it said.
Footage on social media taken outside the airport showed crowds of frustrated travellers being moved away from the terminal building.
Gatwick said it was working hard to resolve the issue.
“A large part of the South Terminal has been evacuated as a precaution while we continue to investigate a security incident,” the airport said in a social media post.
“Passengers will not be able to enter the South Terminal while this is ongoing. The safety and security of our passengers and staff remain our top priority. We are working hard to resolve the issue as quickly as possible.”
Train and bus services that serve the airport were also impacted while the police carried out their inquiries.
In an unrelated incident in south London on Friday morning, the US Embassy area in Nine Elms by the River Thames was the scene of a controlled explosion by Scotland Yard dealing with what they believe may have been a “hoax device”.
“We can confirm the 'loud bang' reported in the area a short time ago was a controlled explosion carried out by officers,” the Metropolitan Police said in a post on X.
“Initial indications are that the item was a hoax device. An investigation will now follow. Some cordons will remain in place for the time being but the majority of the police response will now be stood down,” it added.