WhatsApp bug allowed hackers to crash app while answering a video call

Critical vulnerability that could compromise your WhatsApp account when answering a video call fixed

Although WhatsApp uses end-to-end encryption for messages, voice calls and video calls, your smartphone could still get hacked just by answering a video call.

This is what was discovered by Natalie Silvanovich, a security researcher with Google’s Project Zero security research team. She found a severe vulnerability in WhatsApp Messenger that could have given hackers complete remote control of your WhatsApp just by video calling you over the messaging app.

Silvanovich reported the vulnerability to WhatsApp at the end of August this year. The company fixed it on September 28 in the Android client and on October 3 in the iPhone client.

The vulnerability is a heap memory overflow issue. In other words, it is a “memory corruption bug in WhatsApp’s non-WebRTC video conferencing implementation”. The bug is triggered when a user receives a malformed RTP (Real-time Transport Protocol) packet during a video call, which corrupts memory and crashes the WhatsApp mobile application.
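The class of check that keeps a malformed RTP packet from corrupting memory is sketched below as an added example; it is not WhatsApp's code or Silvanovich's proof of concept, and it does not reproduce the actual defect, which this article does not detail. The header layout follows RFC 3550; `rtp_frame`, `rtp_parse` and the `MAX_PAYLOAD` cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RTP_FIXED_HDR 12u    /* fixed RTP header size (RFC 3550) */
#define MAX_PAYLOAD   1500u  /* assumed cap for this example */

/* Hypothetical destination buffer; timestamp and SSRC omitted for brevity. */
typedef struct {
    uint8_t  payload_type;
    uint16_t seq;
    size_t   payload_len;
    uint8_t  payload[MAX_PAYLOAD];
} rtp_frame;

/* Returns 0 on success, -1 if the packet is malformed. Every length the
 * peer controls is checked against the received size before it is used. */
int rtp_parse(const uint8_t *pkt, size_t len, rtp_frame *out)
{
    if (pkt == NULL || out == NULL || len < RTP_FIXED_HDR) return -1;
    if ((pkt[0] >> 6) != 2) return -1;             /* version must be 2 */

    size_t off = RTP_FIXED_HDR + 4u * (pkt[0] & 0x0F);  /* CSRC list */
    if (off > len) return -1;

    if (pkt[0] & 0x10) {                           /* header extension */
        if (len - off < 4) return -1;
        size_t ext = (((size_t)pkt[off + 2] << 8) | pkt[off + 3]) * 4u;
        off += 4;
        if (ext > len - off) return -1;            /* claimed > received */
        off += ext;
    }

    size_t end = len;
    if (pkt[0] & 0x20) {                           /* padding */
        size_t pad = pkt[len - 1];
        if (pad == 0 || pad > len - off) return -1;
        end -= pad;
    }

    size_t n = end - off;
    if (n > MAX_PAYLOAD) return -1;                /* never overrun dest */

    out->payload_type = pkt[1] & 0x7F;
    out->seq = (uint16_t)((pkt[2] << 8) | pkt[3]);
    out->payload_len = n;
    memcpy(out->payload, pkt + off, n);
    return 0;
}
```
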

“This issue can occur when a WhatsApp user accepts a call from a malicious peer,” Silvanovich said in a bug report. “It affects both the Android and iPhone clients.”

Silvanovich also published proof-of-concept code, along with instructions for reproducing the WhatsApp attack. The vulnerability only affects the Android and iOS apps, since they use RTP for video conferencing. WhatsApp Web, on the other hand, depends on WebRTC for video calls and was unaffected.

Tavis Ormandy, another Google Project Zero researcher, said that the flaw was serious, as hackers could have completely taken control of your WhatsApp account and spied on your secret conversations.

“This is a big deal. Just answering a call from an attacker could completely compromise WhatsApp,” Ormandy said.

Although the WhatsApp bug has been patched, we recommend that WhatsApp users update to the latest version of the messaging app on Android and iOS.

Kavita Iyer

