Earlier this week, a security researcher from Google discovered a vulnerability in WhatsApp that would have turned answering a video call into an open door for hackers. The good news is that the flaw has not been spotted in use in the wild and a fix has already been issued. Whether or not users actually follow through and update their apps remains to be seen.
Described as a ‘very simple delivery method‘ by Gizmodo, the vulnerability involved Real-time Transfer Protocol (RTP)–a network standard for sending audio and video over IP networks. By sending a malformed RTP packet, the bug could corrupt and crash the app if the video call was received.
“Essentially, hackers using this method could hijack a victim’s phone if they simply answered a call, with the potential of remotely accessing a device’s contents and WhatsApp conversations,” explains ITPro.
The news is especially timely, given that parent company Facebook just rolled out a video phone called Portal, for face-to-face conversations.
Both WhatsApp and Facebook have had their share of security issues this year. In August, a bug was discovered in WhatsApp that could allow messages and identities to be manipulated. And just a couple weeks ago, Facebook announced a data breach that affected 50 million users.
Commenting on the WhatsApp video bug, Gizmodo notes, “It’s a reminder that even if a hacker is only able to get a hold of a potential victim’s phone number, there are ways to exploit it. With 1.2 billion users, WhatsApp represents a tempting attack surface.”
Get the full story at Gizmodo.