Dial ‘W’ for ‘WhatsApp hack.’ A security hole in Facebook’s WhatsApp messenger allowed hackers to inject spyware onto mobile phones merely by ringing up targets, even if the receiver did not answer the call, the Financial Times reported. The spyware originated with NSO Group, an Israeli hacking tool maker, which vowed to curb misuse of its technology. WhatsApp engineers scrambled to release a patch for the vulnerability on Monday. For the technically curious, here’s a post by Israeli cybersecurity firm Check Point that describes how the hack worked. (Side note: cybersecurity Twitter bashed Bloomberg, rightfully, for tweeting that “WhatsApp’s hack shows end-to-end encryption is largely pointless.”)
Speaking of Facebook and Israel… In addition to the WhatApp fiasco, Facebook gave the boot to an Israeli company, Archimedes Group, that ran disinformation campaigns and influence operations across the site. The offender had 65 accounts, 161 pages, dozens of groups, and four Instagram accounts that attempted to disrupt elections in countries across Africa, Latin America, and Southeast Asia, the Associated Press reported. Meanwhile, Facebook’s chief technology officer, Mike Schroepfer, recently teared up when a New York Times reporter asked him why it took the company an hour to remove a livestream video of the Christchurch massacre from the site.
Knitting the patchwork. This was a big week for vulnerability disclosures. The researchers who last year warned the world about the “meltdown” and “spectre” computer chip vulnerabilities found a new set of hackable vulnerabilities in Intel chips. Microsoft took the unusual step of releasing updates for deprecated operating systems so as to patch “wormable” security holes. Researchers found holes in Cisco enterprise routers that allow for security bypasses. Adobe patched severe security issues in Flash, Reader and Acrobat. Google is replacing hardware security keys that have a Bluetooth hijacking bug. Stack Overflow announced a security breach which exposed some user data. And there’s some uncertainty about whether a few antivirus software vendors—including Symantec, Trend Micro, and McAfee—were breached.
A face in the crowd. San Francisco has banned the use of facial recognition technology by the police and other agencies. The city’s board of supervisors passed the action in an 8-to-1 vote. Although the technology helped identify a mass shooter in Annapolis, Md., civil liberty advocates have objected to the spy tech, arguing that its potential for abuse by the government runs too high.
Femme fatales. The latest issue of The Atlantic has a fascinating read about the history of female spies. The piece highlights a number of books on the subject: D-Day Girls, Madame Fourcade’s Secret War, Code Name: Lise, and A Woman of No Importance. (I just spotted someone tearing through that last one on the subway, so it must be good.) By the way, Fortune is adopting a “50-50” gender parity initiative that strives for equal representation between the sexes. You can read more about it in this recent Washington Post story.
The wall we need?
Share today’s Cyber Saturday with a friend:
Looking for previous Data Sheets? Click here