WhatsApp Hacked – Attackers Exploit Android and iPhone using WhatsApp Calling.
WhatsApp has critical remote code execution vulnerability which allows a hacker to deploy spyware remotely on Android & iPhone users.
Earlier this month a critical vulnerability was discovered by WhatsApp security research team themselves, which can also be tracked as CVE-2019-3568.
WhatsApp VOIP ( Voice Over Internet Protocol) stack allowed remote code execution with a specially crafted series of SRTCP packets sends to a target phone number.
The exploit affects IOS (Apple), Android and Windows phone Users, the vulnerability affects the current version and before:
You May like : WhatsApp Dark Mode should be rolling in 2019
- WhatsApp for IOS – v2.19.51.
- WhatsApp Business for IOS – v2.19.51
- WhatsApp for Android – v2.19.134
- WhatsApp Business for Android – v2.19.44
- WhatsApp for Windows phone – v2.18.348
- WhatsApp for Tizen – v2.18.5.
The vulnerability can be exploited by simple making a WhatsApp call to an iPhone or Android device that is running a vulnerable version of the application and the creepy fact about this vulnerability is that even if a person doesn’t answer the phone call the vulnerability can still be exploited to load malware & spyware on to the device from iPhone, Android, Windows Phone and Samsung Tizen OS. Also, the logs of the incoming call were often erased.
The spyware in question was developed by Israeli cyber intelligence company NSO Group, according to Financial Times and the vulnerability was used to attack the phone of an UK-based attorney on 12 May.
“Selected number of users were targeted through this vulnerability by an advanced cyber actor. The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.” WhatsApp spokesperson told Ars.
WhatsApp stated that the vulnerability was patch on Friday and release to its end users on Monday, WhatsApp is urging its users to upgrade to the latest version to reduce the risk of been exploit.
Android user should be aware of : New Advance phishing method target Google chrome for android
The number of users which are currently impacted by this exploit still remains unknown, but according to the company, only a small number of its user were targeted.
WhatsApp messenger owned by Facebook allows users to send text messages, voice calls, as well as video calls, images, and other media, documents, and to share the user location. Whatsapp is one of the world’s leading app used by 1.5 billion users worldwide.