Recently, hackers compromised WhatsApp security by means of a missed call. The spyware installed by the hackers through WhatsApp is capable of trawling through calls, texts and other data, activating the phone’s camera and microphone, and performing other malicious activities.
News of the WhatsApp vulnerability was first reported by The Financial Times. It reported that the bad actors were able to install the surveillance technology by phoning the target through WhatsApp’s call functionality.
A vulnerability in WhatsApp has been discovered that allowed hackers to install spyware through an infected WhatsApp voice call. WhatsApp users are being urged to update their WhatsApp smartphone apps immediately because of a security bug that allows hackers to take over your phone by simply calling it, whether or not you answer. It was reported that WhatsApp users did not even have to accept the call, and it was often hidden from logs.
The serious buffer overflow vulnerability lay in the audio call feature of WhatsApp. According to the advisory published this month, the bug, designated CVE-2019-3568, is a buffer overflow vulnerability in the WhatsApp VOIP stack that allowed Remote Code Execution (RCE). Remote code execution could be carried out using a specially crafted series of SRTCP packets sent to victims who have WhatsApp. WhatsApp Business was also affected by this vulnerability.
In a statement to The Financial Times, WhatsApp said that a private company was abusing this vulnerability to conduct cyber espionage. “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society,” said WhatsApp.
It is speculated that the Pegasus spyware, created by the NSO Group, was largely exploiting this vulnerability.
A couple of days ago, Facebook implemented a server-side change to help protect users and pushed out updates for the various smartphone WhatsApp versions. The bug is reportedly patched in WhatsApp versions v2.19.134 (Android), v2.19.51 (iOS), v2.18.348 (Windows Phone) and v2.18.15 (Tizen). WhatsApp Business has also been patched in versions v2.19.44 (Android) and v2.19.51 (iOS). Users are advised to update to the latest version using their respective app store.
WhatsApp users are strongly advised to check for updates manually through the Apple App Store on an iPhone, Google Play or similar on an Android device, the Microsoft Store on Windows Phones and the Galaxy app store on Tizen devices. In addition, uninstalling WhatsApp from your phone and installing the latest version will also protect you from the attack.
WhatsApp lists the most up-to-date version of its Android app on its site. You can find the version number of the app installed on your Android phone by long-pressing on the WhatsApp icon and selecting App info, or by finding it in the list of apps in your phone’s settings. However, simply installing all the relevant app updates from your phone’s built-in app store is the best way to ensure you are using the latest signed and verified version of the app.
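
A fleet check against the patched versions listed above, as an added example that is not from the original article or from WhatsApp. It compares version components as numbers, because plain string comparison would rank 2.19.98 above 2.19.134; the inventory CSV layout and device names are assumptions constructed for illustration.

```python
import csv
import io

# First fixed versions as listed in the article, keyed by (app, platform).
PATCHED = {
    ("WhatsApp", "Android"): "2.19.134",
    ("WhatsApp", "iOS"): "2.19.51",
    ("WhatsApp", "Windows Phone"): "2.18.348",
    ("WhatsApp", "Tizen"): "2.18.15",
    ("WhatsApp Business", "Android"): "2.19.44",
    ("WhatsApp Business", "iOS"): "2.19.51",
}

def parse_version(text):
    """Turn 'v2.19.51' into (2, 19, 51) so components compare as numbers."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))

def status(app, platform, installed):
    """Return 'patched', 'vulnerable' or 'unknown' for one installation."""
    fixed = PATCHED.get((app, platform))
    if fixed is None:
        return "unknown"      # app/platform pair not in the article's list
    try:
        have = parse_version(installed)
    except ValueError:
        return "unknown"      # unparseable version string: review by hand
    return "patched" if have >= parse_version(fixed) else "vulnerable"

def audit(inventory_csv):
    """Return (device, app, version, status) for every row that is not patched."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["device"], r["app"], r["version"], s)
            for r in rows
            if (s := status(r["app"], r["platform"], r["version"])) != "patched"]

# Constructed sample inventory (hypothetical device names and column layout).
SAMPLE = """device,platform,app,version
phone-01,Android,WhatsApp,2.19.98
phone-02,Android,WhatsApp,2.19.134
phone-03,iOS,WhatsApp,2.19.6
phone-04,iOS,WhatsApp Business,2.19.51
phone-05,Android,WhatsApp Business,2.19.9
phone-06,Tizen,WhatsApp,unknown
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Rows reported as `unknown` have a version string or platform the check cannot judge and should be reviewed manually rather than assumed safe.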