Once again, WhatsApp has disclosed a vulnerability in its system that could have allowed hackers access to its users' phones.
The social messaging service explained that it had discovered and fixed a vulnerability that could allow attackers to implant malicious code on a victim's phone by placing a WhatsApp voice call to the victim. Victims may not even have needed to answer the call for their phone to be infected.
This is a vulnerability that would have enabled attackers to take over the phone with a missed call. By calling a device, surveillance software could be remotely installed. According to the report, the call might also disappear from the app's call log.
Although WhatsApp uses end-to-end encryption, the attack effectively bypasses this protection by reading messages on the recipient's device.
The Facebook-owned company said,
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via a specially crafted series of SRTCP packets sent to a target phone number.
A buffer overflow happens when more data is written to a memory buffer than it can hold, causing the data to spill over into adjacent memory. An attacker can use the overwritten memory to get malicious code to run.
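As an added illustration (not WhatsApp's code; the page gives no detail of the actual flaw), the C function below shows the two length checks a packet parser needs before copying a payload into a fixed buffer. The RTCP-style header layout, `PAYLOAD_MAX`, and the function and error names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAYLOAD_MAX 64   /* constructed capacity for this example */

enum copy_result {
    COPY_OK       =  0,
    ERR_SHORT     = -1,  /* fewer bytes than a header */
    ERR_TRUNCATED = -2,  /* header claims more than was received */
    ERR_TOO_BIG   = -3   /* payload does not fit the destination */
};

/* Copies the payload of an RTCP-style packet into dst.
 * Assumed header layout (as in RFC 3550): byte 0 flags, byte 1 type,
 * bytes 2-3 big-endian length in 32-bit words minus one. */
int copy_payload(const uint8_t *pkt, size_t received,
                 uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if (received < 4)
        return ERR_SHORT;

    size_t words    = ((size_t)pkt[2] << 8) | pkt[3];
    size_t declared = (words + 1) * 4;   /* total bytes the sender claims */

    /* Check 1: the sender-controlled length must not exceed what
     * actually arrived, or the copy would read past the input. */
    if (declared > received)
        return ERR_TRUNCATED;

    size_t payload = declared - 4;

    /* Check 2: the payload must fit the destination. Without this
     * check, memcpy would write past dst: the buffer overflow. */
    if (payload > dst_cap)
        return ERR_TOO_BIG;

    memcpy(dst, pkt + 4, payload);
    *out_len = payload;
    return COPY_OK;
}
```

Both checks compare a sender-controlled length against a size the receiver knows; neither trusts the packet's own header.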
According to the reports, NSO Group is an Israeli cyber company that has developed a powerful piece of malware designed to spy on its victims.
Among those believed to have been targeted via WhatsApp is a London-based human rights lawyer who is advising on a case against NSO, though NSO has denied targeting the lawyer.
NSO Group said in a statement,
NSO would not or could not use its technology in its own right to target any person or organization, including this individual.
WhatsApp is urging users everywhere to update their apps after the discovery of a major vulnerability. It began rolling out a fix to its own servers on Friday and blocked attempts to exploit the flaw as recently as Sunday.