Nasty WhatsApp Bug Makes Users Vulnerable to Attack Simply by Answering a Video Call




On Tuesday, a researcher from Google's Project Zero Security Team released a report revealing how WhatsApp users could lose control of their account simply by answering a video call from a bad actor.

Natalie Silvanovich published her findings on the Google Chrome blog and explained that the vulnerability was discovered in August and was immediately reported to Facebook, the parent company of WhatsApp. Project Zero looks for vulnerabilities, and companies have 90 days to fix them before the results are made public. In this case, Silvanovich said that a patch was deployed for Android on September 28 and for iOS on Oct. 3.

Gizmodo contacted Facebook to confirm that the patch was in place, but we did not receive an immediate response. On Wednesday, a WhatsApp spokesman told Reuters:

"We regularly work with security researchers around the world to ensure that WhatsApp remains secure and reliable. We quickly released a patch for the latest version of WhatsApp to fix this problem."

Silvanovich explained that the vulnerability worked by triggering a corruption error and crashing the application when a malformed RTP packet was received. The technique, placing a video call to a user in the hope that they answer, has been identified as a very simple delivery method, although it is not necessarily the only one. This reminds us that even if a hacker can only get the phone number of a potential victim, there are ways to exploit it. With 1.2 billion users, WhatsApp represents a tempting attack surface. "It's a big problem," Tavis Ormandy, Silvanovich's Google colleague, tweeted. "Answering an attacker's call could completely compromise WhatsApp."

The report comes just days after Facebook announced its new Portal videophone, a product that immediately sparked skepticism, as Facebook has been plagued by privacy and security scandals for years.

[Natalie Silvanovich, Reuters]
