WhatsApp fixes video call exploit that allowed account hijacks

The researcher has explained the vulnerability as a "memory corruption bug in WhatsApp's non-WebRTC video conferencing implementation".

A spokesperson for WhatsApp told ZDNet there was no evidence the exploit had been used in the wild, and that it "cares deeply" about user security.

WhatsApp fixed the issue in an update released this week.

Facebook-owned messenger app WhatsApp has a deadly bug that allowed cybercriminals to take over an account when the user accepted just one video call.

According to Silvanovich's report, the bug is triggered when a user receives a malformed RTP packet, which causes the memory corruption error and crashes the application.
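The RTP header defined in RFC 3550 carries several sender-controlled length fields (CSRC count, header-extension length, padding count), and a receiver has to check each one against the bytes actually received before touching the payload. The C function below is an added example of that validation, not WhatsApp's code or its fix, and it does not reproduce the reported bug, whose details are not given here; the names `rtp_view` and `rtp_validate` and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Validated view of one RTP packet (header layout per RFC 3550, section 5.1). */
typedef struct {
    const uint8_t *payload;   /* points into the caller's buffer */
    size_t payload_len;
    uint8_t payload_type;
    uint16_t seq;
} rtp_view;

/* Returns 0 and fills *out only if every length field fits in buf[0..len). */
int rtp_validate(const uint8_t *buf, size_t len, rtp_view *out)
{
    if (buf == NULL || out == NULL || len < 12)
        return -1;                           /* fixed header is 12 bytes */
    if ((buf[0] >> 6) != 2)
        return -1;                           /* version must be 2 */
    size_t off = 12 + 4u * (buf[0] & 0x0F);  /* skip CC * 4 bytes of CSRCs */
    if (off > len)
        return -1;
    if (buf[0] & 0x10) {                     /* X bit: header extension */
        if (len - off < 4)
            return -1;
        size_t ext_words = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        off += 4;
        if (ext_words * 4 > len - off)       /* claimed length vs. real bytes */
            return -1;
        off += ext_words * 4;
    }
    if (buf[0] & 0x20) {                     /* P bit: last byte is pad count */
        size_t pad = buf[len - 1];
        if (pad == 0 || pad > len - off)
            return -1;
        len -= pad;
    }
    out->payload = buf + off;
    out->payload_len = len - off;
    out->payload_type = buf[1] & 0x7F;
    out->seq = (uint16_t)((buf[2] << 8) | buf[3]);
    return 0;
}

int main(void)
{
    /* Constructed packet: extension claims 0xFFFF words, only 16 bytes exist. */
    const uint8_t bad[16] = {0x90, 96, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0xBE, 0xDE, 0xFF, 0xFF};
    rtp_view v;
    printf("accepted: %s\n", rtp_validate(bad, sizeof bad, &v) == 0 ? "yes" : "no");
    return 0;
}
```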

Notably, the bug was fixed on September 28 in the WhatsApp Android client and on October 3 in the iPhone client, Silvanovich said.

WhatsApp announced Tuesday it had resolved an issue wherein an unsuspecting WhatsApp user could forfeit control of their app to a hacker at the other end of an answered phone call.

It is worth mentioning that only the WhatsApp apps on Android and iOS were affected because they use the Real-time Transport Protocol (RTP) for video calls. The researcher has also published proof-of-concept code and instructions on how to reproduce such an attack. WhatsApp's web client is not impacted because it uses WebRTC for video calls.

"This is a big deal".

Silvanovich held off on making the vulnerability public knowledge until a fix was available, the Register reported.

What's more serious is that the security loophole was found in both the iOS and Android versions, meaning over a billion and a half users were vulnerable to getting hacked on WhatsApp.