A serious security vulnerability has just been discovered in WhatsApp. It allows attackers to hijack your smartphone via video calls.
In this article, we reveal how hackers can exploit this bug and which WhatsApp versions are safe for your iPhone.
WhatsApp video calls can lead to account compromise
Natalie Silvanovich, a Google Project Zero security researcher, discovered a vulnerability in WhatsApp that allowed a hacker to spy on a user’s smartphone while the user makes a video call, one of the most used functions of the app.
According to Silvanovich, the memory corruption vulnerability lies in the implementation of non-WebRTC video calls.
The vulnerability is triggered when the app receives an RTP (Real-time Transport Protocol) packet with an incorrect format, which then allows the attacker access to the user’s account.
The entire RTP packet that triggers the bug could be sent through a call request. In other words, this error occurs when a user accepts a call from a malicious source that sends a malformed packet when connected.
Surprisingly, this flaw only affects the iOS and Android versions of the app since they use the RTP protocol for video calls.
The Web version of the messaging app remains completely unaffected because WhatsApp uses the WebRTC protocol for video calling on computers.
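The article does not say which part of the RTP packet was malformed. As an added example (not WhatsApp's code and not a reproduction of the reported bug), this C parser shows the bounds checks a receiver needs on the RFC 3550 header fields whose lengths the sender controls: CSRC count, extension length and padding count. The struct, function name and sample packets are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct rtp_view { uint8_t pt; uint16_t seq; size_t payload_off, payload_len; };

/* Returns 0 and fills *out on success, -1 if any length field disagrees
 * with the number of bytes actually received. Never reads past buf[len-1]. */
int rtp_parse(const uint8_t *buf, size_t len, struct rtp_view *out) {
    if (buf == NULL || out == NULL || len < 12) return -1; /* fixed header */
    if ((buf[0] >> 6) != 2) return -1;                     /* version must be 2 */
    size_t off = 12 + 4u * (buf[0] & 0x0F);                /* skip CSRC list */
    if (off > len) return -1;
    if (buf[0] & 0x10) {                                   /* X bit: extension */
        if (len - off < 4) return -1;
        size_t ext_words = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        off += 4;
        if (ext_words * 4 > len - off) return -1;          /* claimed > present */
        off += ext_words * 4;
    }
    size_t payload_len = len - off;
    if (buf[0] & 0x20) {                                   /* P bit: padding */
        uint8_t pad = payload_len ? buf[len - 1] : 0;      /* count is last byte */
        if (pad == 0 || pad > payload_len) return -1;
        payload_len -= pad;
    }
    out->pt = buf[1] & 0x7F;
    out->seq = (uint16_t)((buf[2] << 8) | buf[3]);
    out->payload_off = off;
    out->payload_len = payload_len;
    return 0;
}

/* Constructed sample packets: 12-byte header (PT 96, seq 1) + 4 more bytes. */
#define HDR(b0) b0, 0x60, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1
static const uint8_t pkt_ok[]      = { HDR(0x80), 0xAA, 0xBB, 0xCC, 0xDD };
static const uint8_t pkt_bad_cc[]  = { HDR(0x8F), 0, 0, 0, 0 };       /* 15 CSRCs claimed */
static const uint8_t pkt_bad_ext[] = { HDR(0x90), 0, 0, 0xFF, 0xFF }; /* huge extension */
static const uint8_t pkt_bad_pad[] = { HDR(0xA0), 1, 2, 3, 9 };       /* pad > payload */

int main(void) {
    struct rtp_view v;
    printf("ok=%d ", rtp_parse(pkt_ok, sizeof pkt_ok, &v));
    printf("cc=%d ", rtp_parse(pkt_bad_cc, sizeof pkt_bad_cc, &v));
    printf("ext=%d ", rtp_parse(pkt_bad_ext, sizeof pkt_bad_ext, &v));
    printf("pad=%d\n", rtp_parse(pkt_bad_pad, sizeof pkt_bad_pad, &v));
    return 0;
}
```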
WhatsApp security team takes a month to release a patch
The researcher found the problem at the end of August and reported it immediately to WhatsApp. The security team fixed the flaw in the September 28 update for Android and in the October 3 update for iOS.
It’s shocking to know that it took the developers more than a month to fix such a major security flaw. During this period, users who used video calls may have exposed their accounts to hackers.
“This is a big deal. Just answering a call from an attacker could completely compromise WhatsApp,” Tavis Ormandy, another Google researcher, posted on his Twitter handle.
— Tavis Ormandy (@taviso) October 9, 2018, https://t.co/vjHuWt8JYa
How to fix WhatsApp’s video call vulnerability
If you want to protect yourself from this bug, you must definitely update WhatsApp right now. Only the current version of the app is protected against the bug.
More than 1 billion users use the messenger and it’s only a matter of time before hackers exploit this vulnerability – if they have not already done so.
Step 1. Check your WhatsApp version
You can check which version is installed on your smartphone in the Settings or App Store.
For iOS, the latest version is 2.18.93. For Android smartphones, the latest safe version is 2.18.302 or 2.18.306. If you are not using any of these versions, move to the next step.
Step 2. Download the latest version
Open the App Store and download the latest version of WhatsApp.
Thankfully, the developers have patched the vulnerability. We only hope that the next time such a flaw is discovered, we will receive a fix within days.