WhatsApp Fixes Video Call Flaw That Allowed Account Hijack

Facebook has reportedly fixed a serious vulnerability that could have allowed hackers to hijack user accounts via a flaw with the video calling facility.

The flaw affected the WhatsApp app on both Apple and Android devices, but not web users, as the browser-based client instead relies on the WebRTC protocol.

It comes after another major security incident at parent firm Facebook, after it reported last week that hackers may have gained access to nearly 50 million accounts by exploiting flaws in the social network’s code.

Video calls

But according to the ZDNet and The Register websites, the WhatsApp flaw could allow hackers to hijack the app (and thus the user’s account) if the user answered an incoming video call on Android or iOS.

The hacker could potentially send a malformed Real-time Transport Protocol packet in order to corrupt the app’s heap memory and open it to attack.

The flaw was apparently discovered by Google Project Zero’s Natalie Silvanovich, and she responsibly informed WhatsApp about it in August.

Silvanovich has now revealed the flaw after WhatsApp fixed it in early October.

Meanwhile a WhatsApp spokeswoman confirmed that it had acted “promptly” to fix the flaw.

“We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable,” Ann Yeh, spokeswoman for WhatsApp, told Reuters. “We promptly issued a fix to the latest version of WhatsApp to resolve this issue.”

The good news is that a WhatsApp employee familiar with the issue told Reuters that there was no evidence that hackers actually exploited the bug to launch attacks.

Popular app

It is worth remembering that WhatsApp is a widely used messaging service nowadays. Indeed, it is said to be used by more than 1.2 billion people around the world.

Facebook of course acquired WhatsApp in 2014 for a staggering $22bn, despite the fact that WhatsApp at the time had a tiny revenue stream.

WhatsApp co-founder Acton left Facebook in November last year, and he was followed by Jan Koum in May 2018, after he also reportedly clashed with Facebook’s attempts to use its personal data and weaken its encryption.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
