Published: Thu, October 11, 2018
Tech | By

WhatsApp says has fixed video call security bug

WhatsApp says has fixed video call security bug

Memory corruption bug was found in WhatsApp's "non-WebRTC" video conferencing implementation.

According to a report from the Register, the vulnerability was discovered in August by Natalie Silvanovich, a researcher on Google's Project Zero security team.

Facebook Inc's WhatsApp messenger service said on Wednesday it has fixed the latest bug on its platform that allowed hackers to take over users' applications when they answered an incoming video call.

"Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP packet", Silvanovich said in a bug report. "Just answering a call from an attacker could completely compromise WhatsApp". In practice, the malformed packet that triggers the crash could be sent via a simple call request.

The hacker will ty to enter a legitimate user's phone number while installing new WhatsApp account on his or her own phone. The researcher has also published proof-of-concept code and instructions on how to reproduce such an attack. The vulnerability only affects Android and iOS apps, since they use the RTP for video conferencing.

"Rumours about Facebook fuelling ads on Whatsapp started popping up at the end of last month, stating that ads are coming to WhatsApp for iOS, and now same happens for Android, Android Headlines reported". WhatsApp web users were not impacted because it uses, what is called, WebRTC for video calls.

Notably, the bug was fixed on September 28 in the WhatsApp Android client and on October 3 in the iPhone client, Silvanovich said.

WhatsApp is used by more than 1.2 billion people around the world.


"This is a big deal".

Like this: