Google's Project Zero thwarts another major bug in Facebook's WhatsApp

Whatsapp was acquired by Facebook in 2014 for $19bn

Facebook, Inc. (NASDAQ:FB) says it has fixed a bug that allowed hackers take over accounts during video calls. According to the report by WhatsApp, the company has fixed the flaw for both - Android and iOS users.

As the fix has been released, there is no reason for concern now. Her post demonstrates how you can use the bug to crash the client in a few seconds over someone's smartphone.

It was discovered by Natalie Silvanovich who is security researcher with Google's Project Zero security research team.

Your WhatsApp will receive a malformed RTP packet when you are on a video call. WhatsApp web users were not impacted because it uses, what is called, WebRTC for video calls. The researcher has also published related proof-of-concept code and instructions about how to reproduced such an attack. "This is also the case with Google, which we just learned found a major security issue with its Google+ product and failed to make a public notification for months because they were afraid of public perception and fines".

Although this vulnerability only allows triggering memory corruption, another Google Project Zero researcher claims that just answering a call from an attacker could completely compromise WhatsApp. The bug was fixed in both the Android and iOS versions of the app, according to a report on ZDNet.

Facebook said it reacted "promptly" to fix the issue once it was identified.

"Last week, Israel's cyber-intelligence agency sent out an alert about a new hacking technique that relied on poorly secured voicemail inboxes to hijack WhatsApp accounts from their legitimate owners", said the report. The best idea is to keep ourselves up to date with the technology news and keep our selves and our related data safe. After that, the hackers get a chance to attack. The company reportedly gathered information about users through a personality app developed by Alexander Kogan, a Cambridge University researcher.

Related:

Comments


Other news