Facebook's WhatsApp says has fixed video call security bug

Facebook's WhatsApp says has fixed video call security bug

As the vulnerability in WhatsApp for Android was fixed on September 28th and iOS on October 3rd, Google Project Zero was able to disclose the vulnerability to the public.

We reached out to WhatsApp to comment on the bug and its fix, and received a statement from a company spokesperson, "WhatsApp cares deeply about the security of our users". Now that word has gotten out about the gap in security, however, it's even more crucial users grab the latest version.

"This is a big deal", Travis Ormandy, a researcher at Google Project Zero which discovered the bug, said on Twitter. The researcher has explained the vulnerability as a "memory corruption bug in WhatsApp's non-WebRTC video conferencing implementation".

"This issue can occur when a WhatsApp user accepts a call from a malicious peer", Silvanovich said in a bug report.

Silvanovich also published proof-of-concept code, along with instructions for reproducing the WhatsApp attack. The WhatsApp for Web client was unaffected since it uses WebRTC for video conferencing.

More news: Vikas Bahl sends notices to Anurag Kashyap, Vikramaditya Motwane for ‘defamatory remarks’
More news: Malaysia hailed over plans to abolish death penalty
More news: James Murdoch favorite to replace Elon Musk as Tesla chairman

"Last week, Israel's cyber-intelligence agency sent out an alert about a new hacking technique that relied on poorly secured voicemail inboxes to hijack WhatsApp accounts from their legitimate owners", said the report.

Should WhatsApp users be anxious?

"Rumours about Facebook fuelling ads on Whatsapp started popping up at the end of last month, stating that ads are coming to WhatsApp for iOS, and now same happens for Android, Android Headlines reported".

Facebook has suffered a string of security-related problems in the a year ago.

In the Cambridge Analytica scandal, data of almost 87 million people was breached upon.

Related Articles