This week WhatsApp confirmed that they had discovered a security flaw in their app which let attackers install spy software on targets’ phones.
With the security flaw, hackers could install the software via an infected phone call by simply calling the target, even if the recipient did not pick up the phone. The spyware is capable of trawling through calls, texts and other data, as well as activating the camera and microphone etc.
It left 1.5 billion WhatsApp users concerned about the security of the popular, supposedly ‘secure’ messaging app. WhatsApp has end-to-end encryption, but if a hacker was able to access a phone’s OS, they would be able to read messages without having to decrypt them.
The flaw was found on all OS including iOS, Android and Windows. WhatsApp users have been advised to check that the app has been updated with the latest version on their devices.
Microsoft released fixes for 79 vulnerabilities across its platforms and products this week, including 22 critical bugs. Fears have arisen that there may be another global computer virus outbreak on the horizon, as Microsoft released a patch for Windows XP (which they stopped supporting in 2014).
Any malicious hackers that exploited the flaw could kick off a worldwide outbreak like WannaCry, which hit in 2017. Microsoft said that it was highly likely that the vulnerability would be exploited if it was not patched. All that was needed to activate it was to connect the vulnerable machine to the internet.
This is Microsoft’s first Windows XP patch in two years. The last patch was released just before WannaCry affected users globally. Microsoft is withholding full details about the bug and said that they hadn’t seen an attack in action yet.
Computers running Windows 8 and upwards won’t be affected.
Facebook sues over data misuse
Facebook is filing a lawsuit against South Korean data analytics company, Rankwave, for unlawfully using Facebook data to sell marketing and advertising.
The social network has taken the analytics company to court because they want to audit the business’s activities to see if any of the data from Facebook has been sold or accessed. Facebook says that Rankwave has breached its contract by violating their policies and have abused their developer platform’s data.
Facebook predicts that Rankwave has made millions of dollars by misusing Facebook data. They have suspended them and their apps from the social platform at this point.
Rankwave has allegedly refused to cooperate with any compliance audits or requests to delete data. Facebook is understandably concerned, especially following the Cambridge Analytica scandal last year.
Intel Zombieload bug
Intel has confirmed that a flaw affecting its processor chips has been found. Known as Zombieload, the side-channel attack could allow hackers to spy on tasks being handled by any Intel Core or Xeon-branded CPU that has been released since 2011.
The attack is similar to the Spectre and Meltdown exploits that were discovered last year, which triggered the discovery of new hardware vulnerabilities. The Zombieload attack takes advantage of a design flaw in most chips, which could allow hackers to access any data that was being processed inside a CPU.
The hack could exploit passwords, application content or encryption keys from PCs or cloud-based servers. Intel says that they have addressed the vulnerabilities already with their 8th and 9th generation chips, which have been released over the past year.
For the older processors, the company has been rolling out patches. PC users will need to ensure that they enable firmware-based updates from their PC manufacturer. Apple, Microsoft and Google have also released patches.
We’ll be back again next week with more tech news!