Are you safe from WhatsApp hack?
A zero-day vulnerability in WhatsApp was exploited by attackers who were able to inject spyware onto victims’ phones in targeted campaigns. The popular messaging app discovered in early May that attackers were installing surveillance software on iPhones and Android phones – by calling victims using WhatsApp’s call function. Although WhatsApp did not name the threat actor exploiting the CVE-2019-3568, it described the attackers as an “advanced cyber actor” that targeted “a select number of users.”
Whatsapp has confirmed that the flaw – now patched which was a buffer overflow vulnerability in WhatsApp’s VOIP stack, which allows remote code execution via specially crafted series of SRTCP [Secure Real Time Transport Protocol] packets sent to a target phone number.
This simply means a successful hacker can hijack the application to run malicious code that pores over encrypted chats, eavesdrops on calls, turns on the microphone and camera, accesses photos, contacts, and other information on a handheld, and potentially further compromises the device. Call logs can be altered, too, to hide the method of infection.
“The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.”
Security experts are urging WhatsApp users to update their apps as soon as possible: “Our best suggestion at the moment is to make sure your WhatsApp is up to date,” To do that, go to the Apple App Store or Google Play Store, look for WhatsApp and hit Update. If there’s no “Update” button, but you see the “Open” button instead, that means you have the latest version of WhatsApp, and it is already patched against such attacks.”