Written by Shubham Sharma
If you haven't updated WhatsApp in a long while (weeks or months), now might be the time to do so.
The messaging service has issued a fix for a major security flaw, which has been lurking around in the Android and iOS versions of WhatsApp, giving hackers an opportunity to take control of their targets' app and account via video calls.
The bug, which was first discovered in August, opens WhatsApp to attack by corrupting its heap memory.
In order to be exploited, the attacker has to deliver a malformed Real-time Transport Protocol packet to the target.
This, as researchers described, could be done by simple video calling, because any unaware individual could easily answer the call and have their accounts compromised.
The 'memory corruption' bug was found by Google Project Zero security researcher Natalie Silvanovich, who was able to publish its proof-of-concept code and give detailed instructions for reproducing the attack.
She also found that the bug only affected WhatsApp's Android and iOS apps. The web version of the service uses WebRTC instead of RTP for video conferencing and is not at risk.
Now that we know the problem, it is important to reiterate how crucial it is to update WhatsApp's mobile app.
WhatsApp issued a fix for Android users on September 28 and followed up with an iOS fix on October 3.
This means that if you haven't updated your app since these dates, you should do it right away.
WhatsApp says it hasn't found a single case where the bug has actually been exploited, but it is always better to play safe in such cases.
"We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable," a company spokesperson told ZDNet. "We promptly issued a fix to the latest version of WhatsApp to resolve this issue."
In the wake of Facebook's recent data breach affecting 50 million users, people have been expressing concerns over WhatsApp's security.
Just last week, Israel's cybersecurity agency issued a countrywide alert to warn users about a new hijacking technique, one in which hackers could leverage improperly secured voicemail accounts to gain control over the service.