WhatsApp fixes bug that let hackers break into video calls

Doris Richards
October 11, 2018

Natalie Silvanovich, a researcher in Google's Project Zero security research team and a Tamagotchi hacker first spotted the WhatsApp vulnerability.

A bug in Facebook's WhatsApp messaging service allowed hackers to take over users' applications when they answered an incoming video call, technology websites ZDnet and The Register reported on Wednesday.

It's unclear whether the problem afflicts WhatsApp users on Mac or PC.

Silvanovich reported the vulnerability to WhatsApp at the end of August this year.

If the user takes a WhatsApp video call from a stranger or from a known person, but with ill intention, the latter could take over the victim's phone account and syphon off the sensitive contents.

According to Silvanovich's report, the bug is triggered when a user receives a malformed RTP packet, triggering the corruption error and crashing the application. She also published proof-of-concept code and instructions on how to reproduce the attack. Web users were not affected because they use WebRTC for video calls.

"Last week, Israel's cyber-intelligence agency sent out an alert about a new hacking technique that relied on poorly secured voicemail inboxes to hijack WhatsApp accounts from their legitimate owners", said the report. WhatsApp for iOS was fixed on 3 October.

WhatsApp's "Status " feature allows users to share text, photos, videos and animated GIFs that disappear after 24 hours.

Facebook said it reacted "promptly" to fix the issue once it was identified. We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable.

In the Cambridge Analytica scandal, data of almost 87 million people was breached upon.

Other reports by Iphone Fresh

Discuss This Article