WhatsApp vulnerability lets Hackers take over your WhatsApp account and phone.
Imagine receiving a video call on WhatsApp that lets someone else access your phone? Scary, right?
You may be thinking that it only happens in the movies, but a Google Project Zero security researcher “Natalie Silvanovich” found out a vulnerability in WhatsApp that allows hackers to control your WhatsApp just by video calling.
Natalie also published the proof along with the instructions to reproduce the WhatsApp attack.
The vulnerability is a memory heap overflow issue which only gets triggered when a user receives a specially created malformed RTP packet via a video call on WhatsApp. Receiving that call results in crashing the messaging app and corruption error.
WhatsApp web is not affected by this vulnerability as it relies on WebRTC instead of RTC. However, because of the vulnerability in RTP (Real-time Transport Protocol) implementation of WhatsApp, the flaw affects WhatsApp on Android and iOS along with other apps on both platforms.
Although this vulnerability only allows triggering memory corruption, another Google Project Zero researcher claims that just answering a call from an attacker could completely compromise WhatsApp. He says, “it’s a big deal”.
In short, hackers only need your phone number to completely take control of your WhatsApp account and spy on your conversations.
Natalie discovered and reported this vulnerability to WhatsApp team in August this year, and the company rolled out the update with patches on September 28th to Android devices and to iPhone users on October 3.
Researchers also discovered a flaw that lets hackers modify the content of messages sent in both private and group chats. The flaw allowed them to intercept in the way when WhatsApp mobile app connects with the WhatsApp web.
How to save yourself from WhatsApp hack?
Well, you don’t have to worry about it if you’ve recently updated WhatsApp. If you haven’t updated your WhatsApp either on Android or iOS, you should worry about upgrading now. Also, turn ON two-factor authentication from account settings.
Let us know what do you think about this NEWS in the comments section below!
Also, spread the NEWS to save others from this vulnerability.