What if just receiving a video call on WhatsApp could hack your smartphone?
This sounds filmy, but Google Project Zero security researcher Natalie Silvanovich found a critical vulnerability in WhatsApp messenger that could have allowed hackers to remotely take full control of your app just by video calling you.
The vulnerability is a memory heap overflow issue which is triggered when a user receives a specially crafted malformed RTP packet via a video call request, which results in the corruption error and crashing the app.
Since the vulnerability affect RTP (Real-time Transport Protocol) implementation of Whatsapp, the flaw affects Android and iOS apps, but not the Web edition that relies on WebRTC for video calls.
Silvanovich also published a proof-of-concept exploit, along with the instructions for reproducing the attack on the app.
Although the proof-of-concept published by Silvanovich only triggers memory corruption, another Google Project Zero researcher, Tavis Ormandy, claims that “This is a big deal. Just answering a call from an attacker could completely compromise WhatsApp.”
In other words, hackers only need your phone number to completely hijack your account and spy on your secret conversations.
Silvanovich discovered and reported the vulnerability to the WhatsApp team in August this year. The team acknowledged and patched the issue on September 28 in its Android client and on October 3 in its iPhone client.
So if you have not yet updated your WhatsApp for Android or for iOS, You should consider updating now.
Two months ago, researchers also discovered a flaw in the way WhatsApp mobile app connects with the Web edition that allowed malicious users to intercept and modify the content of messages sent in both private as well as group conversations.
Source: TheHackerNews