News snapshots · 2018-10-10

WhatsApp video call bug fixed, callers safe for now – News

Earlier this week, WhatsApp fixed a video call bug in the Android and iOS versions of its mobile app that could have allowed hackers to crash the application during an incoming video call.

According to a report by ZDNet, this vulnerability was pointed out a month ago by Natalie Silvanovich, a security researcher with Google’s Project Zero security research team. “Memory corruption bug in WhatsApp’s non-WebRTC video conferencing implementation,” she said, highlighting WhatsApp’s video call bug in a recent tweet.

In her report, Silvanovich has stated, “Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP packet,” adding, “This issue can occur when a WhatsApp user accepts a call from a malicious peer.”

Since the Real-time Transport Protocol (RTP) for video conferencing is used only by WhatsApp’s Android and iOS clients, an attack exploiting the video call bug could have affected them. Consumers using WhatsApp’s Web app were safe, as it used WebRTC for video calls. Silvanovich has published proof-of-concept code and instructions for reproducing an attack.

Google vulnerability researcher Tavis Ormandy also aired his concern in a tweet. According to him, if left exposed, the bug could “completely compromise WhatsApp.” In an update released this week, WhatsApp has confirmed fixing the issue, ZDNet’s report stated.

The WhatsApp video call bug comes in the wake of an alert by Israel’s cyber-intelligence agency about a new hacking method that hinges on poorly secured voicemail inboxes for hijacking WhatsApp accounts, another ZDNet report stated. That hacking technique was first documented last year by an Israeli Web developer at Oath, Ran Bar-Zik. However, it started to be massively abused this fall.

The report stated that it could impact users who don’t change their phone voicemail account’s default password, which is either 0000 or 1234 in most cases. The account is therefore vulnerable when hackers try to add the user’s phone number to a new WhatsApp app installation on their own phone.


 
