Whatsapp discovered a bug in the app that enabled hackers to take over Whatsapp during an incoming video call. As per security researchers the bug only affected Android and iOS. Versions of the application.
The bug was identified by a security researcher named Natalie Silvanovich working with Google’s Project Zero security research team at the end of August this year. She identified that the bug functioned at corrupting memory “WhatsApp’s non-WebRTC video conferencing implementation.”
She further explained that “Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP packet,” Silvanovich said in a bug report. “This issue can occur when a WhatsApp user accepts a call from a malicious peer.”
The reason of behind WhatsApp’s Android and iOS clients are affected was closely associated with Real-time Transport Protocol (RTP) for video conferencing. Since it is used by Android and iOS clients they get affected by the bug whereas web clients stay immune as uses WebRTC for video calls.
The detailed report released by Silvanovich also provided proof-of-concept code and instructions for reproducing an attack. Such an attack for verifying the bug impact. Silvanovich has further agreed that Whatsapp has successfully in an update released on September 28 for the Android client and on October 3 for the iPhone client.
As per the statement given by WhatsApp spokesperson, “WhatsApp cares deeply about the security of our users. We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable. We promptly issued a fix to the latest version of WhatsApp to resolve this issue,”
Facebook, the parent company confirmed that till now it had found no evidence of this kind of attack being carried out in practice but at the same time encouraged to update their mobile clients to prevent any expected abuse.
However, in context to rising vulnerabilities, Israel’s cyber-intelligence agency released an alert indicating to a new hacking techniques that has the capability to affect relied on poorly secured voicemail inboxes to hijack WhatsApp accounts from their legitimate owners.
The technique was first discovered and documented last year however it has already been abused and affected numerous users.