Want to share with your friends too?

Science
11 Oct 2018

Update WhatsApp: This video call bug could compromise your account

WhatsApp issues fix for major security flaw

If you've not updated WhatsApp in a long while (weeks or months), it might just be the time to do so.

The messaging service has issued a fix for a major security flaw, which has been lurking around in the Android and iOS versions of WhatsApp, giving hackers an opportunity to take control of their targets' app and account via video calls.

Here's more.

In context

WhatsApp issues fix for major security flaw
Hijacking attempts via video calls, but how?

Bug details

Hijacking attempts via video calls, but how?

The bug, which was first discovered in August, opens WhatsApp to attack by corrupting its heap memory.

In order to be exploited, the attacker has to deliver a malformed Real-time Transport Protocol packet to the target.

This, as researchers described, could be done by simple video calling, because any unaware individual could easily answer the call and have their accounts compromised.

WhatsApp Web safe

However, it doesn't affect WhatsApp Web

The 'memory corruption' bug was found by Google Project Zero security researcher Natalie Silvanovich, who was able to publish its proof-of-concept code and give detailed instructions for reproducing the attack.

She also found that the bug only affected WhatsApp's Android and iOS apps. The web version of the service uses WebRTC instead of RTP for video conferencing and are not at risk.

Love Tech news?

Stay updated with the latest happenings.

Notify Me

Fix being rolled out with the latest version

Fix

Fix being rolled out with the latest version

Now that we know the problem, it is important to reiterate how crucial it is to update the WhatsApp's mobile app.

WhatsApp issued a fix for Android users on September 28 and followed up with an iOS fix on October 3.

Meaning, if you haven't updated your app post these dates, do it right away.

No exploit evidence

No evidence of an exploit, not until now

WhatsApp says it hasn't found a single case, where the bug has actually been exploited, but it is always better to play safe in such cases.

"We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable," a company spokesperson told ZDNet. "We promptly issued a fix to the latest version of WhatsApp to resolve this issue".

Concerns over WhatsApp's security

Security concerns

Concerns over WhatsApp's security

In the wake of Facebook's recent data breach affecting 50 million users, people have been expressing concerns over WhatsApp's security.

Just last week, Israel's cybersecurity agency issued a countrywide alert to warn users about a new hijacking technique, one in which hackers could leverage improperly secured voicemail accounts to gain control over the service.

Ask NewsBytes
User Image

Next Timeline