Mitigating the WhatsApp Pegasus Attack

May 20, 2019
As you’ve likely heard by now, a vulnerability was reported in Facebook’s popular social engagement platform, WhatsApp. This vulnerability enabled the injection of powerful Pegasus spyware developed by NSO Group, a well-known Israeli firm focused on cyber intelligence. What’s really unnerving is that the injection of Pegasus is super stealthy. It is delivered simply by calling the targeted Android or iOS device. And even if the device owner does not answer the call, guess what? The injection occurs and BAM! Just like that, Pegasus has access to the user’s camera and microphone, and provides the attacker access to the user’s location data, as well as their emails and texts.

Though it is believed that this Pegasus attack is targeting WhatsApp users with privileged access to sensitive data and correspondence, such as data handled by journalists and lawyers, WhatsApp urged all of its 1.5 billion users to upgrade the application immediately in order to take advantage of critical fixes. In addition, it's highly recommended that users run the latest versions of Android or iOS. As per WhatsApp, the identified vulnerability exists in the following:

  • WhatsApp for Android prior to v2.19.134
  • WhatsApp Business for Android prior to v2.19.44
  • WhatsApp for iOS prior to v2.19.51
  • WhatsApp Business for iOS prior to v2.19.51
  • WhatsApp for Windows Phone prior to v2.18.348
  • WhatsApp for Tizen prior to v2.18.15

Why was WhatsApp a prime target for a Pegasus attack? Because older versions of WhatsApp suffered from a buffer overflow weakness. This provided attackers with a means for running malicious code on targeted devices. Data packets are manipulated during the start of a WhatsApp voice call. The overflow is triggered and the attacker can then commandeer the application and deploy surveillance tools on the devices.

MobileIron’s Threat Defense (MTD) solution provides immediate, on-device threat protection, protecting against device, app and network threats even when the device is offline. In the case of the WhatsApp vulnerability, MTD would immediately identify devices running the vulnerable WhatsApp versions via advanced app analysis capabilities, a huge step in identifying and preventing the attack. If the exploit attempts to elevate privileges and compromise the device, devices running MTD would:

  • Detect the attack immediately
  • Notify the device user through mobile clients and enterprise admin through MobileIron UEM console
  • Take preventive actions to protect company data through custom compliance actions

Administrators can use our capabilities to find all the devices that have the vulnerable versions of WhatsApp on them and assign compliance actions to only those devices, while not affecting the productivity of users running updated versions of the compromised app.
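The version check described above can be sketched as follows. This is an added example, not MobileIron's code: the inventory record layout, field names and device names are constructed for illustration, and only the fixed-version thresholds come from the list in this post.

```python
# Added example: flag inventory records running a WhatsApp build older than
# the fixed versions listed in this post. The inventory layout is an assumption.

# (product, platform) -> first fixed version, taken from the list above.
FIXED = {
    ("WhatsApp", "Android"): "2.19.134",
    ("WhatsApp Business", "Android"): "2.19.44",
    ("WhatsApp", "iOS"): "2.19.51",
    ("WhatsApp Business", "iOS"): "2.19.51",
    ("WhatsApp", "Windows Phone"): "2.18.348",
    ("WhatsApp", "Tizen"): "2.18.15",
}

def parse_version(text):
    """Turn 'v2.19.134' into (2, 19, 134); raise ValueError on anything else."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(record):
    """Return 'vulnerable', 'patched', 'unknown' (bad version) or 'n/a'."""
    fixed = FIXED.get((record["app"], record["platform"]))
    if fixed is None:
        return "n/a"
    try:
        installed = parse_version(record["version"])
    except ValueError:
        return "unknown"  # needs manual review; never assume it is safe
    # Tuples compare numerically, so 2.19.98 < 2.19.134 (a string compare says otherwise).
    return "vulnerable" if installed < parse_version(fixed) else "patched"

def vulnerable_devices(inventory):
    """Sorted device names with at least one vulnerable WhatsApp install."""
    return sorted({r["device"] for r in inventory if classify(r) == "vulnerable"})

# Constructed sample inventory (device names and installed versions are made up).
INVENTORY = [
    {"device": "dev-01", "platform": "Android", "app": "WhatsApp", "version": "2.19.98"},
    {"device": "dev-02", "platform": "Android", "app": "WhatsApp", "version": "2.19.134"},
    {"device": "dev-03", "platform": "iOS", "app": "WhatsApp Business", "version": "2.19.50"},
    {"device": "dev-04", "platform": "Android", "app": "WhatsApp Business", "version": "2.19.9"},
    {"device": "dev-05", "platform": "iOS", "app": "WhatsApp", "version": "2.19.51.2"},
    {"device": "dev-06", "platform": "Tizen", "app": "WhatsApp", "version": "unknown"},
]

if __name__ == "__main__":
    for r in INVENTORY:
        print(r["device"], classify(r))
```

Records classified as `unknown` are worth routing to the same review queue as vulnerable ones, since an unreadable version string gives no evidence the fix is installed.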

To learn more on this topic, stay tuned to MobileIron’s future blogs as we discuss how MobileIron’s mobile-centric, zero trust security platform provides the best data protection in a world where there truly are no boundaries.


Matthew Law, Product Marketing Manager - Mobile Security at MobileIron

About the author

Matt Law has more than 20 years of combined experience in tech product management, product marketing and sales. Prior to joining MobileIron as a product marketing manager for mobile security, he served in similar roles in the areas of high-performance computing (HPC), backup and recovery (BAR), continuous data protection (CDP) and desktop virtualization.  A Florida native, and graduate of the University of South Florida in Tampa, Matt migrated west via Colorado, and now resides in Southern California with his wife and two children. In his spare time, he enjoys outdoor activities, loud guitars and open chords.
