Novel MMS Fingerprint attack used by NSO Group against WhatsApp
WhatsApp users have been targeted by Israeli spyware firm NSO Group through the new MMS Fingerprint attack that involved the exploitation of a vulnerability in the widely used messaging app, Hackread reports.
Such a security weakness had been leveraged by NSO Group to facilitate the installation of its Pegasus spyware into the devices of targeted journalists, government officials, and activists and enable the exfiltration of device information without the need for user interaction, according to a report from Enea. "The tactical evolution from requiring user interaction to achieve compromisesuch as the unfortunate click on a malicious link to now being able to extract valuable information through seemingly benign MMSs, underlines a significant shift. It's concerning, to say the least, that users can be targeted without any user interaction... In the broader context, incidents like the MMS Fingerprint attack are reminders that security cannot remain static and needs to continually evolve and build more resilient and secure systems," said KnowBe4 Lead Security Awareness Advocate Javvad Malik.
WhatsApp users have been targeted by Israeli spyware firm NSO Group through the new MMS Fingerprint attack that involved the exploitation of a vulnerability in the widely used messaging app, Hackread reports.
Such a security weakness had been leveraged by NSO Group to facilitate the installation of its Pegasus spyware into the devices of targeted journalists, government officials, and activists and enable the exfiltration of device information without the need for user interaction, according to a report from Enea. "The tactical evolution from requiring user interaction to achieve compromisesuch as the unfortunate click on a malicious link to now being able to extract valuable information through seemingly benign MMSs, underlines a significant shift. It's concerning, to say the least, that users can be targeted without any user interaction... In the broader context, incidents like the MMS Fingerprint attack are reminders that security cannot remain static and needs to continually evolve and build more resilient and secure systems," said KnowBe4 Lead Security Awareness Advocate Javvad Malik.
