What if just receiving a video call on WhatsApp could hack your smartphone?
I know it sounds like something out of a film, but Natalie Silvanovich a Security Researcher at Google Project Zero, found a critical vulnerability in WhatsApp messenger that could have allowed hackers to remotely take full control of your WhatsApp just by video calling you over the messaging app.
The vulnerability is a memory heap overflow issue which is triggered when a user receives a specially crafted malformed RTP packet via a video call request, which results in the corruption error and crashing the WhatsApp mobile app.
Since the vulnerability affect RTP (Real-time Transport Protocol) implementation of Whatsapp, the flaw affects Android and iOS apps, but not WhatsApp Web that relies on WebRTC for video calls.
Silvanovich also published a proof-of-concept exploit, along with the instructions for reproducing the WhatsApp attack.
Although the proof-of-concept published by Silvanovich only triggers memory corruption, another Google Project Zero researcher, Tavis Ormandy, claims that “This is a big deal. Just answering a call from an attacker could completely compromise WhatsApp.”
In other words, hackers only need your phone number to completely hijack your WhatsApp account and spy on your secret conversations.
Silvanovich discovered and reported the vulnerability to the WhatsApp team in August this year. WhatsApp acknowledged and patched the issue on September 28 in its Android client and on October 3 in its iPhone client.
So if you have not yet updated your WhatsApp for Android or WhatsApp for iOS, You should consider upgrading now.
Two months ago, researchers also discovered a flaw in the way WhatsApp mobile app connects with WhatsApp Web that allowed malicious users to intercept and modify the content of messages sent in both private as well as group conversations.
As a footnote and while I for one am very pleased that both WhatsApp for Android and iOS have been patched and updated – does anyone answers random calls from strangers on WhatsApp???
I certainly don’t… maybe it’s the Risk Manager in me – but the Number One rule in my life both online and in real space is…
If in doubt don’t!
This would certainly guarantee I don’t answer random calls from unknown callers