- WhatsApp patches vulnerability used to deploy Graphite
- Graphite is commercial spyware built by Israeli developer Paragon
- Around 90 people were attacked, WhatsApp said
WhatsApp says that it has fixed a zero-day vulnerability that was apparently used by nation-states to spy on journalists, dissidents, political opponents and others.
After being alerted by Citizen Lab security researchers, WhatsApp fixed a flaw that allowed threat actors to deploy Graphite, a sophisticated spyware tool developed by the Israeli company Paragon Solutions.
Graphite was deployed in a “zero-click” attack, which means that no interaction from the victim was required.
“WhatsApp has interrupted a Paragon spyware campaign that addressed several users, including journalists and civil society members. We have communicated directly with the people who believe they were affected,” a WhatsApp spokesman told BleepingComputer.
“This is the last example of why spyware companies must be responsible for their illegal actions. WhatsApp will continue to protect people’s ability to communicate privately.”
No CVE was assigned to the vulnerability.
WhatsApp also said that it notified about 90 people, located in more than two dozen countries, including Italian journalists and activists.
In theory, the attack was very simple. After obtaining the phone numbers of their targets, the threat actors would add them to a WhatsApp group and then send a malicious PDF. Since the device processes PDF files automatically, the endpoint is compromised without any user action. The next step is to escape the Android sandbox and install the spyware, which gives attackers access to the device's messaging applications.
Citizen Lab analyzed Graphite’s infrastructure and found “potential links with multiple government clients”, including Australia, Canada, Cyprus, Denmark, Israel and Singapore.
Governments in Europe and the United States have been quite vocal in their opposition to commercial spyware. In February 2022, the European Data Protection Supervisor (EDPS) recommended prohibiting the use of Pegasus spyware within the EU, citing concerns about fundamental rights and freedoms. The developer of Pegasus, NSO Group, was blacklisted in the United States on November 3, 2021.