Popular Social Media application – WhatsApp – and its users are being warned of a newly discovered attack that allows hackers to infiltrate your private messages and group chats. Combined with other hacking and infiltration methods, the flaw could allow cyber criminals to impersonate you and even spread fake messages to your friends on the chat app.
The exploit — identified by Check Point Research cybersecurity analysts — is made possible by vulnerabilities between WhatsApp for mobile and WhatsApp for the web (which users have to synch to in order to send messages on their desktop).
In another instance of cyber attack, Google Project Zero In-house cyber security expert Natalie Silvanovich also found a critical vulnerability in WhatsApp messenger – allowing hackers to remotely take control of your WhatsApp just by video calling you over the messaging app.
The vulnerability is a memory heap overflow issue which is activated when a WhatsApp user receives a maliciously engineered RTP packet via a video call request, which results in the corruption error and crashing the WhatsApp mobile app.
According to Natalie –
“Since the vulnerability affect RTP (Real-time Transport Protocol) implementation of Whatsapp, the flaw affects Android and iOS apps, but not WhatsApp Web that relies on WebRTC for video calls.
The complex attack method will likely appear as incomprehensible jibberish to general users, but it essentially requires a hacker to insert itself between the app’s encrypted traffic.”
In response, the company “acknowledged” the flaws, explaining they’re part of the platform’s “design framework” but said it’s open to further discussion.
WhatsApp wrote in their statement –
“We believe these vulnerabilities to be of the utmost importance and require attention,”
“WhatsApp cares deeply about your safety.
“We encourage you to think before sharing messages that were forwarded.
“As a reminder, you can report spam or block a contact in one tap and can always reach out to WhatsApp directly for help.”