No Result
View All Result
Friday, July 1, 2022
Citi Business News
  • Home
  • News
    • All
    • Agriculture
    • Economy
    • General
    • Government
    • Local Economy
    • Top Stories

    We’re not charging E-levy on merchant accounts – GRA

    Gov’t still plans on tabling a legislation to compel banks to lend to the Agric sector – Agric Minister

    AfCFTA Secretariat calls for accelerated dev’t for key infrastructure in Africa to boost trade

    Financial transactions will be allowed even without Ghana card from 1st July – GAB assures

    Enterprise Group PLC records 37% rise in revenue in 2021

    Prices of petrol, LPG to fall by 4% in first pricing window of July – IES

    Losses due to fraud in banking sector in 2021 up by 144%; hits GH¢61m – BoG report

    ASTM International pledges support for Ghana’s petroleum industry

    NIB MD laments cost of borrowing for private sector

  • Business
    • All
    • Agribusiness
    • Banking And Finance
    • Manufacturing
    • Markets
    • Mining
    • Oil And Gas
    • Real Estate
    • Tourism
    • Transport

    Gov’t still plans on tabling a legislation to compel banks to lend to the Agric sector – Agric Minister

    Financial transactions will be allowed even without Ghana card from 1st July – GAB assures

    Enterprise Group PLC records 37% rise in revenue in 2021

    Prices of petrol, LPG to fall by 4% in first pricing window of July – IES

    Losses due to fraud in banking sector in 2021 up by 144%; hits GH¢61m – BoG report

    ASTM International pledges support for Ghana’s petroleum industry

    NIB MD laments cost of borrowing for private sector

    Finance professionals urged to develop strategies to boost ESG-driven business environment

    Gov’t likely to scrap E-Levy if its revenue stays low – Tax analyst

  • TECHNOLOGY

    Financial transactions will be allowed even without Ghana card from 1st July – GAB assures

    Losses due to fraud in banking sector in 2021 up by 144%; hits GH¢61m – BoG report

    BoG, CSA deepen collaboration to fight cyber threats

    Dr. Bawumia unveils Ghana’s first Tier IV data centre

    ADB pioneers in global remittance services in Ghana [ARTICLE]

    Introduction of GhanaPay complements efforts to capture the unbanked into digital payments ecosystem – Veep

    #CitiBusinessFestival: How the country can take advantage of the “Ghana Opportunity”

    Chamber of Telecommunications calls for more investment into Technology to improve livelihoods

    Citi Business Festival: Address lack of financial data challenges using MoMo – Rufai Abdul Majeed

  • INTERNATIONAL
    • All
    • Africa
    • Asia
    • Europe
    • Middle East
    • US

    Africa’s internet economy to cross $180 billion by 2025: Report

    Regional economic cooperation needed to enhance Africa’s competitiveness – Bawumia

    Ivory Coast is set to receive $26.1 billion worth of development finance from 4 lenders, the EU and France

    Gulf central banks, Bank of England raise policy rates after Fed hike

    US Fed meets inflation surge with 75bp hike

    As Nigeria’s inflation rate accelerates to 17.71%, the World Bank warns millions could face extreme poverty

    Modern airline tickets design with flight time and passenger name. Plane tickets vector pictogram. Airline boarding pass template. Vector illustration. The concept of air transportation

    Ticket prices to rise following B.A schedule change on Accra-London-Accra route

    Bawumia calls for more AfDB support as African economies battle global challenges

    Stringent measures needed to deal with illicit financial transactions in Africa – Akufo-Addo

  • FEATURES
  • Videos
Citi Business News
  • Home
  • News
    • All
    • Agriculture
    • Economy
    • General
    • Government
    • Local Economy
    • Top Stories

    We’re not charging E-levy on merchant accounts – GRA

    Gov’t still plans on tabling a legislation to compel banks to lend to the Agric sector – Agric Minister

    AfCFTA Secretariat calls for accelerated dev’t for key infrastructure in Africa to boost trade

    Financial transactions will be allowed even without Ghana card from 1st July – GAB assures

    Enterprise Group PLC records 37% rise in revenue in 2021

    Prices of petrol, LPG to fall by 4% in first pricing window of July – IES

    Losses due to fraud in banking sector in 2021 up by 144%; hits GH¢61m – BoG report

    ASTM International pledges support for Ghana’s petroleum industry

    NIB MD laments cost of borrowing for private sector

  • Business
    • All
    • Agribusiness
    • Banking And Finance
    • Manufacturing
    • Markets
    • Mining
    • Oil And Gas
    • Real Estate
    • Tourism
    • Transport

    Gov’t still plans on tabling a legislation to compel banks to lend to the Agric sector – Agric Minister

    Financial transactions will be allowed even without Ghana card from 1st July – GAB assures

    Enterprise Group PLC records 37% rise in revenue in 2021

    Prices of petrol, LPG to fall by 4% in first pricing window of July – IES

    Losses due to fraud in banking sector in 2021 up by 144%; hits GH¢61m – BoG report

    ASTM International pledges support for Ghana’s petroleum industry

    NIB MD laments cost of borrowing for private sector

    Finance professionals urged to develop strategies to boost ESG-driven business environment

    Gov’t likely to scrap E-Levy if its revenue stays low – Tax analyst

  • TECHNOLOGY

    Financial transactions will be allowed even without Ghana card from 1st July – GAB assures

    Losses due to fraud in banking sector in 2021 up by 144%; hits GH¢61m – BoG report

    BoG, CSA deepen collaboration to fight cyber threats

    Dr. Bawumia unveils Ghana’s first Tier IV data centre

    ADB pioneers in global remittance services in Ghana [ARTICLE]

    Introduction of GhanaPay complements efforts to capture the unbanked into digital payments ecosystem – Veep

    #CitiBusinessFestival: How the country can take advantage of the “Ghana Opportunity”

    Chamber of Telecommunications calls for more investment into Technology to improve livelihoods

    Citi Business Festival: Address lack of financial data challenges using MoMo – Rufai Abdul Majeed

  • INTERNATIONAL
    • All
    • Africa
    • Asia
    • Europe
    • Middle East
    • US

    Africa’s internet economy to cross $180 billion by 2025: Report

    Regional economic cooperation needed to enhance Africa’s competitiveness – Bawumia

    Ivory Coast is set to receive $26.1 billion worth of development finance from 4 lenders, the EU and France

    Gulf central banks, Bank of England raise policy rates after Fed hike

    US Fed meets inflation surge with 75bp hike

    As Nigeria’s inflation rate accelerates to 17.71%, the World Bank warns millions could face extreme poverty

    Modern airline tickets design with flight time and passenger name. Plane tickets vector pictogram. Airline boarding pass template. Vector illustration. The concept of air transportation

    Ticket prices to rise following B.A schedule change on Accra-London-Accra route

    Bawumia calls for more AfDB support as African economies battle global challenges

    Stringent measures needed to deal with illicit financial transactions in Africa – Akufo-Addo

  • FEATURES
  • Videos
No Result
View All Result
Citi Business News
No Result
View All Result

WhatsApp discovers ‘targeted’ surveillance attack

bycitibusinessnews
May 14, 2019
in News
Share on FacebookShare on TwitterShare on Whatsapp

Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed.

WhatsApp, which is owned by Facebook, said the attack targeted a “select number” of users and was orchestrated by “an advanced cyber-actor”.

A fix was rolled out on Friday.

ADVERTISEMENT

On Monday, WhatsApp urged all of its 1.5 billion users to update their apps as an added precaution.

The surveillance software involved was developed by Israeli firm NSO Group, according to a report in the Financial Times.

Facebook first discovered the flaw in WhatsApp earlier in May.

WhatsApp promotes itself as a “secure” communications app because messages are end-to-end encrypted, meaning they should only be displayed in a legible form on the sender or recipient’s device.

However, the surveillance software would have let an attacker read the messages on the target’s device.

Some users of the app have questioned why the app store notes associated with the latest update are not explicit about the fix.

How was the security flaw used?

It involved attackers using WhatsApp’s voice calling function to ring a target’s device.

Even if the call was not picked up, the surveillance software could be installed. According to the FT report, the call would often disappear from the device’s call log.

WhatsApp told the BBC its security team was the first to identify the flaw. It shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said on Monday in a briefing document note for journalists.

The firm also published an advisory to security specialists, in which it described the flaw as: “A buffer overflow vulnerability in WhatsApp VOIP [voice over internet protocol] stack allowed remote code execution via specially crafted series of SRTCP [secure real-time transport protocol] packets sent to a target phone number.”

Prof Alan Woodward from the University of Surrey said it was a “pretty old-fashioned” method of attack.

“In a buffer overflow, an app is allocated more memory than it actually needs, so it has space left in the memory. If you are able to pass some code through the app, you can run your own code in that area,” he explained.

“In VOIP there is an initial process that dials up and establishes the call, and the flaw was in that bit. Consequently, you did not need to answer the call for the attack to work.”

Who is behind the software?

The NSO Group is an Israeli company that has been referred to in the past as a “cyber-arms dealer”.

While some cyber-security companies report the flaws they find so that they can be fixed, others keep problems to themselves so they can be exploited or sold to law enforcement.

The NSO Group is part-owned by the London-based private equity firm Novalpina Capital, which acquired a stake in February.

NSO’s flagship software, Pegasus, has the ability to collect intimate data from a target device, including capturing data through the microphone and camera, and gathering location data.

In a statement, the group said: “NSO’s technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror.

  • On the frontline of India’s WhatsApp fake news war
  • WhatsApp sets new rules after mob killings

“The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.

“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organisation.”

Who has been targeted?

WhatsApp said it was too early to know how many users had been affected by the vulnerability, although it added that suspected attacks were highly-targeted.

According to the New York Times, one of the people targeted was a London-based lawyer involved in a lawsuit against the NSO Group.

Amnesty International, which said it had been targeted by tools created by the NSO Group in the past, said this attack was one human rights groups had long feared was possible.

“They’re able to infect your phone without you actually taking an action,” said Danna Ingleton, deputy programme director for Amnesty Tech. She said there was mounting evidence that the tools were being used by regimes to keep prominent activists and journalists under surveillance.

“There needs to be some accountability for this, it can’t just continue to be a wild west, secretive industry.”

On Tuesday, a Tel Aviv court will hear a petition led by Amnesty International that calls for Israel’s Ministry of Defence to revoke the NSO Group’s licence to export its products.

What are the unanswered questions?

  • How many people were targeted? WhatsApp says it is too early in its investigation to say how many people were targeted, or how long the flaw was present in the app
  • Does updating WhatsApp remove the spyware? WhatsApp has not said whether updating to the latest version of the app removes any spyware that has already infected a compromised device
  • What could the spyware do? WhatsApp has not said whether the attack could extend beyond the confines of WhatsApp, reaching further into a device and accessing emails, photos and more

“Using an app as an attack route is limited on iOS as they run apps in very tightly controlled sandboxes,” said Prof Woodward. “We’re all assuming that the attack was just a corruption of WhatsApp but analysis is still ongoing.

“The nightmare scenario would be if you could get something much more capable onto the device without the user having to do anything,” he said.

The BBC has asked WhatsApp for clarification.

Related Posts

Tax

We’re not charging E-levy on merchant accounts – GRA

byBenjamin Aklama

The Ghana Revenue Authority (GRA) has denied reports on various social media platforms indicating that the authority will from today,...

Read more

Gov’t still plans on tabling a legislation to compel banks to lend to the Agric sector – Agric Minister

AfCFTA Secretariat calls for accelerated dev’t for key infrastructure in Africa to boost trade

Financial transactions will be allowed even without Ghana card from 1st July – GAB assures

Enterprise Group PLC records 37% rise in revenue in 2021

Prices of petrol, LPG to fall by 4% in first pricing window of July – IES

Losses due to fraud in banking sector in 2021 up by 144%; hits GH¢61m – BoG report

Next Post

Female unemployment rate lowest since 1971

Video on Demand: Business Weekly

ADVERTISEMENT
Citi Business News

© 2019 Citi Business News - CitiBusinessNews.com by CNR Digital.

Navigate Site

  • Home
  • News
  • Business
  • TECHNOLOGY
  • INTERNATIONAL
  • FEATURES
  • Videos

Follow Us

No Result
View All Result
  • Home
  • News
  • Business
  • TECHNOLOGY
  • INTERNATIONAL
  • FEATURES
  • Videos

© 2019 Citi Business News - CitiBusinessNews.com by CNR Digital.