Year-End Learning Carnival: Get Free Courses and Up to 50% off on Career Booster Combos!
D H M S

Whatsapp vulnerability: What you should know

As most of us may be aware, Whatsapp is a free, popular cross-platform messaging service by means of which one can send text messages, voice messages, images, documents and make video calls. It is owned by Facebook and is currently used by over 1.5 billion people worldwide. The conversations that take place on Whatsapp makes use of end-to-end encryption.

  • On May 14th, 2019, the Financial times newspaper reported that the Facebook-owned Whatsapp platform had a critical vulnerability
  • It reported that hackers made Whatsapp voice calls to inject spyware onto user’s phones. The beauty of the hack was that the user did not even have to answer the call for the spyware to be injected.
  • This affected both Android and iOS users
  • Facebook advisory stated it is a ‘buffer overflow vulnerability’ in the Whatsapp VOIP stack which allowed remote code execution via SRTCP packets sent to the target phone number
  • The vulnerability is known as CVE-2019-3568 which has since then been patched
  • The affected versions of Whatsapp are: WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

How did the attack take place?

Whatsapp voice calls are made through VoIP or ‘Voice over Internet protocol’ technology rather than traditional phone lines.  While each hack and attack is a different learning experience, here is the learning from the latest Whatsapp hack:

The Whatsapp hack occurred by taking advantage of the ‘buffer overflow vulnerability’ which has existed for a very long time.

What is a ‘buffer overflow vulnerability’:

A buffer is a series of memory locations to hold integer or character data.  When data is trying to be pushed onto a buffer which can only hold ‘n’ number of characters, it overflows and moves into subsequent locations. This is ‘Buffer overflow’ or ‘Buffer overrun’. This causes the system to crash and hackers step in right here to exploit this ‘buffer overflow vulnerability’ to make the program function differently. As an example, if

char a[5];
is defined,
and if
a=”What a wonderful world”;

is assigned, it causes the buffer to overflow and either causes the system to crash or is prone to attacks. ‘Buffer overflow’ vulnerability can be mitigated to a certain extent with good programming practices.

In the case of the Whatsapp hack, when a VoIP call is made, a VoIP transaction is set up along with encryption. The recipient of the call can accept, decline or ignore the call. It is quite a possibility that the buffer overflow vulnerability was exploited at this stage and the spyware was injected onto user’s phones.

What happens if my Whatsapp account has been compromised?

If you haven’t received any missed calls from unknown numbers you are probably safe from the attack.

But if your number has been compromised, chances are that spyware is capable of spying on your pictures, messages, activating your camera and microphone and more malicious activities.

What you should do:

Given that Whatsapp is a globally used platform for messaging, it is quite a possibility that the vulnerability might be lurking on every user’s phone.

Hence, it is always a good practice to update to the latest version of Whatsapp which might include fixes for the latest bugs for both Android and Apple systems.

AUTHOR
Jayanthi Manikandan ( )
Cyber Security Analyst
Jayanthi Manikandan has a Master’s degree in Information systems with a specialization in Information Assurance from Walsh college, Detroit, MI. She is passionate about Information security and has been writing about it for the past 6 years. She is currently ‘Security researcher at InfoSec train.
Your Guide to ISO IEC 42001
TOP
whatsapp