WhatsApp Fixes Bug That Could Let Hackers Crash App During Calls

Share on Facebook Tweet Share Reddit Comment
WhatsApp Fixes Bug That Could Let Hackers Crash App During Calls

The bug affected WhatsApp for Android and iOS, but the company has now fixed the issue

Highlights

  • A memory corruption bug was found in the WhatsApp app
  • The bug only affected the Android and iOS clients
  • WhatsApp has fixed the issue in the latest update

WhatsApp has fixed a bug in its mobile apps on Android and iOS that could potentially allow hackers to crash the app during a call. A security researcher had discovered and reported the flaw to WhatsApp back in August. The company has now fixed the potentially serious issue and the details are now in the public domain. The researcher has explained the vulnerability as a "memory corruption bug in WhatsApp's non-WebRTC video conferencing implementation." This essentially means that the flaw left WhatsApp users vulnerable during video calls on the app.

Natalie Silvanovich, a researcher in Google's Project Zero security research team and a Tamagotchi hacker first spotted the WhatsApp vulnerability. In a bug report, Silvanovich says, "Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP packet." The malformed packet that triggers the crash could be sent through a call request. She adds, "This issue can occur when a WhatsApp user accepts a call from a malicious peer."

It is worth mentioning that just the WhatsApp app on Android and iOS were affected because they use the Real-time Transport Protocol (RTP) for video calls. The WhatsApp for Web client was unaffected since it uses WebRTC for video conferencing. The researcher has also published proof-of-concept code and instructions on how to reproduce such an attack.

We reached out to WhatsApp to comment on the bug and its fix, and received a statement from a company spokesperson, "WhatsApp cares deeply about the security of our users. We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable. We promptly issued a fix to the latest version of WhatsApp to resolve this issue."

The issue also drew the attention of another Google researcher Tavis Ormandy, who in a tweet, said, "This is a big deal. Just answering a call from an attacker could completely compromise WhatsApp," indicating that crashing the victim's app may not be the worst thing that could be done.

Notably, the bug was fixed on September 28 in the WhatsApp Android client and on October 3 in the iPhone client, Silvanovich said. Since the WhatsApp bug has been patched, the company recommended users should update to the latest version of the app on Android and iOS.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Further reading: WhatsApp
Micromax Launches Yu Yuphoria Smart TV With 40-Inch Full-HD Panel, Quad-Core Processor
Fortnite 6.02 Update Fixes Nintendo Switch and Xbox One Performance Issues, Adds Disco Domination Mode
 
 

Advertisement

 

Advertisement