The Pegasus Voice Call attack was discovered in early The user is also unaware of the fact that the malware has been installed on their device. This attack installed an older and well-known piece of spyware called Pegasus which basically allows hackers to collect data on phone calls, messages, photos, and video.
It even lets them activate devices' cameras and microphones to take recordings. This kind of attack was used by the Israeli firm NSO Group which has been accused of spying on Amnesty International staff and other human rights activists. After news of the hack broke, WhatsApp was updated to protect it from this attack. WhatsApp is vulnerable through socially engineered attacks as it exploits human psychology to steal information or spread misinformation.
Security firm CheckPoint Research revealed one such attack called FakesApp which allowed people to misuse the quote feature in the group chat and to alter the text of another person's reply. Taking advantage of that, hackers could plant fake statements that appear to be from other legitimate users. This was possible by decrypting WhatsApp communications and it allowed them to see data sent between the mobile version and the web version of WhatsApp.
After that they could change values in group chats and further impersonate other people, sending messages which appeared to be from them. The text replies also could be changed. What follows next is normally the criminal impersonating the victim and requesting money from their contacts usually for an emergency but always on the promise of being repaid or the criminal will use the compromised account in the same manner as before to hack more and more accounts.
No matter the claim, you should never share your WhatsApp SMS verification code with others, not even friends or family.
Sharing codes can cause you to lose your account. If you're unfortunately tricked into sharing your code and lose access to your WhatsApp account, read the instructions below on how to recover your account. Please note, WhatsApp is end-to-end encrypted and messages are stored on your device, so someone accessing your account on another device can't read your past conversations. But they will be able to read and reply to any new messages you receive and post in any groups you are a member of.
A chat app without friends is not much use. In theory, any device or service could be hacked. In fact, security researchers often joyfully pile in on companies that claim their products are "unhackable". They quickly discover vulnerabilities and the embarrassed companies retract their claims.
If people are worried data may be stolen from their computer, one option is to "air gap" the device: disconnect it from the internet entirely. That stops remote hackers accessing the machine - but even an air gap would not stop an attacker with physical access to the device. Dr Barker stressed the importance of installing software updates for apps and operating systems. WhatsApp did not help the cause, however, by describing the latest update as adding "full-size stickers", and not mentioning the security breach.
The quicker we can update our apps, the more secure we are," said Dr Barker. As always, there are simple security steps to remember:. WhatsApp discovers surveillance attack. A new vulnerability has been discovered which could allow a remote attacker to easily deactivate WhatsApp on your phone.
And to do that the attacker will just use your phone number. And the most concerning part is that the two-factor authentication will not be able to prevent this from happening. Some amount of error by the user and your WhatsApp is deactivated. And this attack cannot be prevented even through two-factor authentication. To understand this first, we should know that when we install WhatsApp on our smartphones, we receive an SMS code to verify the SIM card and the number.
The hacker uses the same technique, install WhatsApp on their smartphone using your mobile number.
0コメント