How Hackers Broke WhatsApp With Just A Phone Call
YOU’VE HEARD THE advice a million times. Don’t click links in suspicious emails or texts. Don’t download shady apps. But a new Financial Timesreport alleges that the notorious Israeli spy firm NSO Group developed a WhatsApp exploit that could inject malware onto targeted phones—and steal data from them—simply by calling them. The targets didn’t need to pick up to be infected, and the calls often left no trace on the phone’s log. But how would a hack like that even work in the first place?
WhatsApp, which offers encrypted messaging by default to its 1.5 billion users worldwide, discovered the vulnerability in early May and released a patch for it on Monday. The Facebook-owned company told the FT that it contacted a number of human rights groups about the issue and that exploitation of this vulnerability bears “all the hallmarks of a private company known to work with governments to deliver spyware.” In a statement, NSO Group denied any involvement in selecting or targeting victims but not its role in the creation of the hack itself…
Over 5 billion robocalls were made in March 2019 alone. But new tools to minimize it—if not kill it off entirely—are on the way. For real this time.
Years into the robocalling frenzy, your phone probably still rings off the hook with “important information about your account,” updates from the “Chinese embassy,” and every bogus sweepstakes offer imaginable. That’s despite promises from the telecom industry and the US government that solutions would be coming. Much like the firehose of spam that made email almost unusable in the late 1990s, robocalls have made people in the US wary of picking up their cell phones and landlines. In fact, email spam offers a useful analogy: a scourge that probably can’t be eliminated, but can be effectively managed.
Finding the right tools for that job remains a challenge. The Federal Trade Commission has had a strong track record in its 140 robocall-related suits, including a recent victory at the end of March that targeted four massive operations. Bipartisan anti-robocalling legislation is gaining traction in Congress. Apps that flag or block unwanted calls have matured and are solidly effective. And wireless carriers—in part facing pressure from the Federal Communications Commission—have increasingly offered their own anti-robocalling apps and tools for free.
Yet the number of robocalls continues to hit new highs. The anti-robocalling company YouMail estimates that March 2019 saw 5.23 billion robocalls, the highest volume ever. And other firms recorded similar highs. But those numbers don’t take into account calls that were successfully blocked. A more useful measure might be the number of complaints filed per month to the FCC and FTC, which remained mostly static in 2018 and the beginning of 2019.
“Even though we’re at an all-time high, there’s some good news,” says YouMail CEO Alex Quilici. “The numbers may be creeping up a little bit, but the situation seems to be mostly stable at this point. We have not turned the corner, but maybe the corner is in sight.”
In fact, some consensus has emerged about where that corner is. Industry groups led by the Alliance for Telecommunications Industry Solutions have been working since 2016 on a pair of standards, dubbed “STIR” and “SHAKEN,” that will be used across landline, mobile, and VoIP carriers to cryptographically authenticate the source of calls. Basically, this means that the “spoofed” phone numbers robocallers rely on to ramp up their call volume—also the reason so many robocalls appear to come from your area code—will be easily flagged as untrustworthy.
November 20, 2017
YOU PROBABLY GET robocalls all the time. Some pretend to be from the IRS, others come from a phone number very similar to yours. And then there’s the rash of free airline tickets/problem with your credit card/complete this short survey intrusions. If it feels like they’re cropping up more than ever, you’re right. The blocking service YouMail estimates that 2.49 billion robocalls were placed to US consumers last month, marking a 4.1 percent increase over September. This translates to 80.5 million robocalls, every single day…