Researchers have found a bug in WhatsApp messenger, giving hackers remote access by a simple video call that can take control of your app by video calling you over the app.
The newly discovered weakness by researcher Natalie Silvanovich is from the memory heap overflow type which is triggered when users receive specially created RTP packet by the hackers. This packed is received when the victim answers a video call and causes error crashing as a result of that and also crashing of the WhatsApp itself.
This vulnerability is oriented towards affecting the Real-time Transport Protocol, also known as RTP, which affects Android and iOS applications. The only secure place for now remains the web version of WhatsApp, which uses another protocol for video calls, known as WebRTC.
While Silvanovich has published work that only uses memory corruption, another researcher, Tavis Ormandy has stated that the problem is “a big deal” and can result in significant compromising of the app, since it only takes a call by the hacker to completely spy on everything you do on WhatsApp.
And although the issue was likely patched recently by WhatsApp, more flaws could always appear as we have seen it happen with WhatsApp before.
WhatsApp is not an app that is known for its explicit security as many bugs have been discovered in the app this year alone. One of them was the fact that data in WhatsApp was not encrypted when it was stored in Google Drive, so the backups uploaded on Google Drive have been automatically removed from it since no relevant storage security was able to be provided, because of the lack of encryption. This basically means that photos, videos, chat and other information sent via whatsapp was accessible not only by Google but by hackers as well:
Another problem with WhatsApp was that several bugs in the apps themselves exposed the Group Chats and allowed hackers to secretly gain access to group chats that were otherwise encrypted.
Researchers went on to discover that the exploit revealed that the problem came from security problems in the intermediary servers and how they were configured. So these vulnerabilities do point out that users should think twice before trusting WhatsApp with their information.