Update WhatsApp: This video call bug could compromise your account
If you've not updated WhatsApp in a long while (weeks or months), it might just be the time to do so.
The messaging service has issued a fix for a major security flaw, which has been lurking around in the Android and iOS versions of WhatsApp, giving hackers an opportunity to take control of their targets' app and account via video calls.
WhatsApp issues fix for major security flaw
Hijacking attempts via video calls, but how?
The bug, which was first discovered in August, opens WhatsApp to attack by corrupting its heap memory.
In order to be exploited, the attacker has to deliver a malformed Real-time Transport Protocol packet to the target.
This, as researchers described, could be done by simple video calling, because any unaware individual could easily answer the call and have their accounts compromised.
WhatsApp Web safe
However, it doesn't affect WhatsApp Web
The 'memory corruption' bug was found by Google Project Zero security researcher Natalie Silvanovich, who was able to publish its proof-of-concept code and give detailed instructions for reproducing the attack.
She also found that the bug only affected WhatsApp's Android and iOS apps. The web version of the service uses WebRTC instead of RTP for video conferencing and are not at risk.
Love Tech news?
Stay updated with the latest happenings.
Fix being rolled out with the latest version
Now that we know the problem, it is important to reiterate how crucial it is to update the WhatsApp's mobile app.
WhatsApp issued a fix for Android users on September 28 and followed up with an iOS fix on October 3.
Meaning, if you haven't updated your app post these dates, do it right away.
No exploit evidence
No evidence of an exploit, not until now
WhatsApp says it hasn't found a single case, where the bug has actually been exploited, but it is always better to play safe in such cases.
"We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable," a company spokesperson told ZDNet. "We promptly issued a fix to the latest version of WhatsApp to resolve this issue".
Concerns over WhatsApp's security
In the wake of Facebook's recent data breach affecting 50 million users, people have been expressing concerns over WhatsApp's security.
Just last week, Israel's cybersecurity agency issued a countrywide alert to warn users about a new hijacking technique, one in which hackers could leverage improperly secured voicemail accounts to gain control over the service.