A Zero-Day, Zero-Click Vulnerability on WhatsApp Affects Journalists' Phones
Zero-click zero-day WhatsApp vulnerability exposed: Recommended actions to follow
Meta, the owner of WhatsApp, has acknowledged a zero-day bug in its app that has reportedly been exploited, compromising roughly 90 journalists' devices. Zero-day bugs are security vulnerabilities for which no patch was available when the attacks began, leaving even the most diligent users and system administrators with nothing to apply against them.
The attack is also described as zero-click, meaning victims can be infected without tapping a suspicious link or opening a message, even one that looks genuine. Such attacks rely on remote code execution: attacker-supplied data arriving in a message or call is handed by the device itself straight to the vulnerable component of the app, with no action from the user. Put simply, having the app installed and being logged into the WhatsApp service could be enough to allow the attack, since messages and calls are processed automatically in the background.
By the time a rogue call or message appears, spyware or malware may already have been installed on the device. The implant has been linked to the spyware vendor Paragon and its surveillance tool, Graphite.
On a positive note, launching attacks of this kind is typically costly and complex, so they are used sparingly and only against selected targets. Spyware vendors usually don't exploit their zero-days broadly, because limited use keeps the attack harder for defenders to detect, analyze, and patch. Consequently, the infection count is currently estimated at under 100 devices, so the chance of your phone being among them is low.
However, spyware installed on phones is often hard to detect, especially on iPhones and Android devices, which are designed to restrict the installation of unsigned software and therefore also limit what users can inspect. Such implants typically run outside the normal app environment, making them hard to find and nearly impossible to remove by ordinary means.
Updating and reinstalling WhatsApp once it has been patched will protect users from this exploit going forward, provided they aren't already infected. Removing rogue software from an infected device may require a factory reset, and backed-up data should be restored with caution, as it could contain rogue messages capable of triggering another attack.
For more information, users can refer to Apple's DFU [1] or Google's Android Images [2] for updates and guidelines. If you don't have a Mac or Windows PC and want an offline backup option for iPhones, consider using libimobiledevice [3]. For businesses and individuals at higher risk, implementing a mobile device management (MDM) solution for faster threat identification and response is advisable [4]. Lastly, consider a mobile security solution that offers active, on-device protection, similar to the endpoint detection and response tools used on laptops, desktops, and servers [5].
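The offline-backup step above, worked through as an added example (not code from the original article, nor from the libimobiledevice project): the script takes a full USB backup of an iPhone with libimobiledevice's idevicebackup2, then records a SHA-256 manifest of every file in the backup so that, after a factory reset, you can confirm the backup has not been altered before deciding what to restore from it. It assumes idevicepair and idevicebackup2 are installed and the phone is already paired; the invocations `idevicepair validate` and `idevicebackup2 backup --full DIR` follow those tools' documented syntax. The manifest functions are pure shell and run without a device attached.

```shell
#!/bin/sh
# Added example: offline iPhone backup + integrity manifest (defender's workflow).
# Assumes libimobiledevice (idevicepair, idevicebackup2) is installed and the
# device is paired over USB. Functions only run when invoked; with no
# arguments the script just defines them.
set -eu

# Choose a SHA-256 tool: coreutils sha256sum on Linux, shasum on macOS/BSD.
sha256_cmd() {
    if command -v sha256sum >/dev/null 2>&1; then
        echo "sha256sum"
    else
        echo "shasum -a 256"
    fi
}

# Write DIR/SHA256SUMS listing every file under DIR (paths relative to DIR).
write_manifest() {
    dir="$1"
    ( cd "$dir" && find . -type f ! -name SHA256SUMS | LC_ALL=C sort |
        while IFS= read -r f; do $(sha256_cmd) "$f"; done ) > "$dir/SHA256SUMS"
}

# Check DIR against its manifest. Fails if any listed file changed or went
# missing, and also if files appeared that the manifest never covered.
# Returns 0 when the backup is unchanged, 1 otherwise.
verify_manifest() {
    dir="$1"
    [ -f "$dir/SHA256SUMS" ] || { echo "no manifest in $dir" >&2; return 1; }
    ( cd "$dir" && $(sha256_cmd) -c SHA256SUMS >/dev/null ) || return 1
    present=$( cd "$dir" && find . -type f ! -name SHA256SUMS | LC_ALL=C sort )
    listed=$( sed 's/^[0-9a-f]*  //' "$dir/SHA256SUMS" | LC_ALL=C sort )
    [ "$present" = "$listed" ] || { echo "files added since manifest" >&2; return 1; }
    return 0
}

# Take a full backup into DIR and seal it with a manifest.
take_backup() {
    dir="$1"
    idevicepair validate                 # confirm the USB pairing is trusted
    mkdir -p "$dir"
    idevicebackup2 backup --full "$dir"  # full (not incremental) backup
    write_manifest "$dir"
    echo "backup written and sealed: $dir/SHA256SUMS"
}

# Usage:  ./backup.sh backup ./iphone-backup
#         ./backup.sh verify ./iphone-backup   (before restoring anything)
case "${1:-}" in
    backup) take_backup "${2:?backup directory required}" ;;
    verify) verify_manifest "${2:?backup directory required}" && echo "backup intact" ;;
    *) : ;;
esac
```

Run the `verify` step before any restore: a passing check tells you the backup is the one you sealed, not that its contents are clean. Given the article's caution about rogue messages, restore contacts, photos and settings from it rather than the WhatsApp chat database, and reinstall WhatsApp fresh from the store.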
References
- [1] Apple's Device Firmware Update (DFU)
- [2] Google's Android Images
- [3] libimobiledevice for iPhone Backup
- [4] Mobile Security: Beyond Traditional MDM
- [5] Mobile Protection on Our Website
In light of the WhatsApp zero-day vulnerability, users should tighten their security measures, particularly where phones are used to access company data and cloud services. To reduce the risk, updating and, where necessary, reinstalling WhatsApp should be prioritized, since the patch closes the flaw these attacks rely on. Individuals and businesses at higher risk should also consider a mobile device management (MDM) solution for faster threat identification and response.