These days, a majority of smartphone users have installed WhatsApp, one of the most widely used social messaging apps in the world. The Facebook-owned app has a user base of over 1.5 billion and records over 65 billion messages daily.

Recently, a researcher found that a bug in WhatsApp on Android and iOS devices allowed hackers to hijack a user's application with a video call. The vulnerability was discovered at the end of August 2018.

The vulnerability, as described by the researcher, was a "memory corruption bug in WhatsApp's non-WebRTC video conferencing implementation."

What is the vulnerability?

The vulnerability is caused by a heap memory overflow, which is triggered when a user accepts a malformed RTP packet via a video call request. This in turn results in corruption and crashing of the application.

Only WhatsApp's Android and iOS clients are affected, as they are the only ones that use the Real-time Transport Protocol (RTP) for video conferencing. WhatsApp's web client is not affected because it uses WebRTC for video calls.
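The article does not say which field of the malformed RTP packet was abused. As an added illustration of the class of check that prevents this kind of heap overflow (not WhatsApp's code and not taken from the researcher's report), the C below parses an RTP header laid out per RFC 3550 and rejects any packet whose length fields disagree with the bytes actually received. The struct, function and sample names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Parsed view of one RTP packet (fixed header layout per RFC 3550). */
struct rtp_view {
    uint8_t payload_type;
    const uint8_t *payload;   /* points into the caller's buffer */
    size_t payload_len;
};

/* Constructed sample: X bit set, extension claims 0xFFFF words in a 16-byte packet. */
const uint8_t rtp_bad_ext[16] = {0x90, 96, 0, 1, 0,0,0,0, 0,0,0,0, 0xBE,0xDE,0xFF,0xFF};

/* Returns 0 on success, -1 when a length field disagrees with the bytes received. */
int rtp_parse(const uint8_t *pkt, size_t len, struct rtp_view *out)
{
    if (pkt == NULL || out == NULL || len < 12 || (pkt[0] >> 6) != 2)
        return -1;                             /* too short, or version is not 2 */
    size_t off = 12 + 4u * (pkt[0] & 0x0F);    /* fixed header + CSRC list */
    if (off > len)
        return -1;
    if (pkt[0] & 0x10) {                       /* X bit: header extension */
        if (len - off < 4)
            return -1;
        size_t ext = 4u * (((size_t)pkt[off + 2] << 8) | pkt[off + 3]);
        off += 4;
        if (ext > len - off)
            return -1;
        off += ext;
    }
    size_t pad = 0;
    if (pkt[0] & 0x20) {                       /* P bit: last byte counts padding */
        pad = pkt[len - 1];
        if (pad == 0 || pad > len - off)
            return -1;
    }
    out->payload_type = pkt[1] & 0x7F;
    out->payload = pkt + off;
    out->payload_len = len - off - pad;
    return 0;
}

/* Copy into a fixed-capacity heap buffer: reject oversized input, never overflow. */
int rtp_copy_payload(const struct rtp_view *v, uint8_t *dst, size_t cap)
{
    if (v == NULL || dst == NULL || v->payload_len > cap)
        return -1;
    memcpy(dst, v->payload, v->payload_len);
    return 0;
}
```

Every offset is checked against the received length before it is used, and the copy is bounded by the destination's capacity rather than by a length taken from the packet.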

"The bug exists because WhatsApp uses the Real-time Transport Protocol for video calls. WhatsApp for Web was unaffected because it uses WebRTC for video conferencing. The researcher has published proof-of-concept code on the websites, and instructions also on how to perform the attack," said Manish Kumawat, Director at Cryptus Cyber Security.

A WhatsApp employee said there was no evidence that hackers actually exploited the bug to launch attacks. A Google spokesman also said the company was not aware of the bug ever being used in an attack before getting patched.

"Although this vulnerability has recently been discovered, it is not known for how long it has been out in the open. It is possible that certain malicious hackers might already be exploiting this while staying undetected," said Ankush Johar, Director at Infosec Ventures.

However, WhatsApp has recently fixed the critical bug in its Android and iOS applications. As per reports, the bug was fixed by Facebook in early October.

Should you worry?

"Although the vulnerability is patched now, users must take this as a lesson and stay vigilant while interacting with unknown people, especially over e-channels such as email, e-chat applications and social media," said Johar.

Security of an individual is in his own hands and the only way to stay secure is to simply assume that no matter how you are communicating, someone, somewhere is already snooping on it and hence act accordingly.

"Though the company has fixed this critical severity bug and the details are now available in the public domain, users should update to WhatsApp's latest version on Android and iOS," said Kumawat.

Last month, ESET researcher Lukas Stefanko discovered two 'Open Source' type Android-based spyware programs that enabled hackers to read WhatsApp chats and steal passwords and other important information.