WhatsApp vulnerability lets hackers hack accounts with a video call

A serious security vulnerability has just been discovered in WhatsApp. It allows attackers to hijack your smartphone via video calls.

In this article, we reveal how hackers can exploit this bug and which WhatsApp versions are safe for your iPhone.

WhatsApp video calls can lead to account compromise

Natalie Silvanovich, a Google Project Zero security researcher, discovered a vulnerability in WhatsApp that allowed a hacker to spy on a user’s smartphone while he/she makes a video call, one of the most used functions of the app.

According to Silvanovich, the memory corruption vulnerability lies in the implementation of non-webRTC video calls.

The vulnerability triggers when the app receives an RTP (Real-time Transport Protocol) package with an incorrect format, which then allows the attacker access to the user’s account.

WhatsApp hack

The entire RTP packet that triggers the bug could be sent through a call request. In other words, this error occurs when a user accepts a call from a malicious source that sends a malformed packet when connected.

Surprisingly, this flaw only affects the iOS and Android versions of the app since they use the RTP protocol for video calls.

The Web version of the messaging app remains completely unaffected because WhatsApp uses the WebRTC protocol for video calling on computers.

WhatsApp security team takes a month to release a patch

The researcher found the problem at the end of August and reported it immediately to WhatsApp. The security team fixed the flaw in the September 28 update for Android and in the October 3 update for iOS.

It’s shocking to know that it took the developers more than a month to fix such a major security flaw. During this period, users who used video calls may have exposed their accounts to hackers.

“This is a big deal. Just answering a call from an attacker could completely compromise WhatsApp,” Tavis Ormandy, another Google researcher, posted on his Twitter handle.

How to fix WhatsApp’s video call vulnerability

If you want to protect yourself from this bug, you must definitely update WhatsApp right now. Only the current version of the app is protected against the bug.

More than 1 billion users use the messenger and it’s only a matter of time before hackers exploit this vulnerability – if they have not already done so.

Step 1. Check your WhatsApp version

You can check the which version is installed on your smartphone in the Settings or App Store.

For iOS, the latest version is 2.18.93. For Android smartphones, the latest safe version is 2.18.302 or 2.18.306. If you are not using any of these versions, move to the next step.

Step 2. Download the latest version  

Open the App Store and download the latest version of WhatsApp.

WhatsApp Messenger
WhatsApp Messenger
Developer: WhatsApp Inc.
Price: Free

Thankfully, the developers have patched the vulnerability. We only hope that the next time such a flow is discovered, we will receive a fix within days.

Leave a Reply

Share12
Tweet