A critical remote code execution vulnerability in WhatsApp allows hackers to deploy spyware remotely on the vulnerable devices.
The vulnerability was discovered earlier this month by WhatsApp, and it can be tracked as CVE-2019-3568. The vulnerability resides in “WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.”
It affects the following versions that include Android before v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
The vulnerability can be exploited by making a WhatsApp call to the vulnerable iPhone or Android device and infect the call whether the recipient answered the call or not. Also, the logs of the incoming call were often erased.
The spyware in question was developed by Israeli cyber intelligence company NSO Group, according to Financial Times and the vulnerability was used to attack the phone of an UK-based attorney on 12 May 2019. " Selected number of users were targeted through this vulnerability by an advanced cyber actor. The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.”
According to Cyber Crime Lawyer, Investigator and Expert Shri Snehal Vakilna from Gujarat " the WhatsApp vulnerability stemmed from an extremely common type of bug known as a buffer overflow. Apps have a sort of holding pen, called a buffer, to stash extra data. A popular class of attacks strategically overburdens that buffer so the data "overflows" into other parts of the memory. This can cause crashes or, in some cases, give attackers a foothold to gain more and more control. That's what happened with WhatsApp. The hack exploits the fact that in a VoIP call the system has to be primed for a range of possible inputs from the user: pick up, decline the call, and so on."
Whatsapp said the vulnerability was fixed on Friday and the patch released for end users on Monday, Whatsapp urges users to upgrade with the latest version to avoid infection.
The number of users impacted with this vulnerability remains unknown, according to the company only a small number of users were targeted.
WhatsApp messenger owned by Facebook allows users to send text messages, voice calls, as well as video calls, images, and other media, documents, and to share the user location. Whatsapp is one of the world’s leading app used by 1.5 billion users worldwide.