Hi-Tech

WhatsApp Got a Bug which let Hackers Hijack Accounts with video call

WhatsApp Got a Bug which let Hackers Hijack Accounts with video call

Developers recently fixed a bug in Facebook's Whatsapp mobile app that allowed hackers to take over the application when users answered incoming video calls.

This is what was discovered by Natalie Silvanovich, a security researcher with Google's Project Zero security research team.

The vulnerability is a memory heap overflow issue which only gets triggered when a user receives a specially created malformed RTP packet via a video call on WhatsApp.

Another researcher at the same facility, Tavis Ormandy claims that the malware is so powerful that by just receiving the call from the attacker - the user's complete WhatsApp account can be compromised. Only the mobile users, both iOS and Android had the bug.

The vulnerability deals with how WhatsApp processes video calls over Real-time Transport Protocol or RTP.

She described the vulnerability as a "memory corruption bug in WhatsApp's non-WebRTC video conferencing implementation". It was detected by Google Project Zero Cybersecurity experts, way back in August, but it was only fixed earlier this month, reported ZDNet.




While assuring users that no evident suggesting any attack was carried out by hackers in practice, it however, advised that they [users] should consider updating to the latest versions of WhatsApp on iOS and Android.

However, because WhatsApp is not an open source application, no one outside of Facebook can evaluate the technology's source code to audit it for security issues or other bugs. "Therefore, this bug did not affect WhatsApp versions for the web, as it is based on the WebRTC protocol", Silvanovich said.

"WhatsApp cares deeply about the security of our users". And now as the WhatsApp bug has been patched, you need to update to the latest version available for Android and iOS.

Experts found in WhatsApp messenger new and unsafe vulnerability.

However, Paul Bischoff, privacy advocate at Comparitech, told IT Pro that he was sceptical of the claim that this attack could allow a hacker to remotely take over the victim's device and access their conversations.