WhatsApp Messenger is once again in the limelight after the discovery of a new security vulnerability that allows hackers to steal personal information using a specially crafted MP4 file.
Once a user downloaded an MP4 file from the messaging application, hackers could execute a snooping attack. The vulnerability was discovered in both the Android and iOS versions. The specially crafted MP4 file triggers remote code execution (RCE) and denial of service (DoS) attacks, reports GBHackers. This allows hackers to steal the user's personal information by deploying malware. It can also be used to snoop on users without their knowledge.
Facebook has published a security advisory about this vulnerability. The company said, “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.”
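The bug class the advisory names, shown as an added C illustration that is not WhatsApp's code and not taken from the advisory: a parser for one MPEG-4 decoder-specific-info descriptor that validates the file-supplied size before copying into a fixed stack buffer. The page gives no detail of the actual flaw, so the buffer size, function names and sample bytes here are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DSI_MAX 64             /* assumed size of the fixed destination buffer */
#define DEC_SPECIFIC_INFO 0x05 /* DecSpecificInfoTag in ISO/IEC 14496-1 */

/* Descriptor header: 1 tag byte, then the size stored 7 bits per byte
   (high bit set = another size byte follows), at most 4 size bytes.
   Returns the header length, or 0 if truncated or malformed. */
static size_t read_header(const uint8_t *p, size_t avail,
                          uint8_t *tag, uint32_t *size)
{
    size_t i = 1;
    uint32_t v = 0;
    uint8_t b;
    if (avail < 2) return 0;
    *tag = p[0];
    do {
        if (i >= avail || i > 4) return 0;
        b = p[i++];
        v = (v << 7) | (b & 0x7f);
    } while (b & 0x80);
    *size = v;
    return i;
}

/* Parse one decoder-specific-info descriptor into a stack buffer.
   Returns the payload length, or -1 if the input is rejected. */
int parse_dsi(const uint8_t *buf, size_t len)
{
    uint8_t dsi[DSI_MAX], tag;
    uint32_t size;
    size_t hdr = read_header(buf, len, &tag, &size);
    if (hdr == 0 || tag != DEC_SPECIFIC_INFO) return -1;
    if (size > len - hdr) return -1;  /* claims more bytes than the input has */
    if (size > sizeof dsi) return -1; /* without this, memcpy overruns dsi[] */
    memcpy(dsi, buf + hdr, size);
    return (int)size;
}

/* Constructed sample inputs (not taken from any real file). */
const uint8_t ok_desc[]        = { 0x05, 0x02, 0x12, 0x10 };
const uint8_t truncated_desc[] = { 0x05, 0x10, 0x00 };
const uint8_t runaway_size[]   = { 0x05, 0x80, 0x80, 0x80, 0x80, 0x00 };
const uint8_t oversize_desc[3 + 128] = { 0x05, 0x81, 0x00 }; /* size = 128 */

int main(void)
{
    return !(parse_dsi(ok_desc, sizeof ok_desc) == 2 &&
             parse_dsi(oversize_desc, sizeof oversize_desc) == -1);
}
```

The size field comes from the file, so it is checked twice: against the bytes actually remaining in the input and against the capacity of the destination.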
This is not the first time WhatsApp has come under the scanner for its security. Previously, the Israeli software Pegasus exploited its video calling system to snoop on 1,400 selected users globally. In India, several human rights activists and journalists were under surveillance using the software. The malicious code was transmitted by calling users on WhatsApp, and the method worked even when the call was not answered. WhatsApp has declined to give the exact number of those targeted but claims each affected user was informed.
Furthermore, the Indian Army has asked its officers to stay away from social media platforms like WhatsApp and Facebook. They have been asked to deactivate their Facebook accounts and not to use WhatsApp for any official communication.
Army officers holding critical posts in all headquarters, divisions and brigades were issued an advisory last month stating that WhatsApp is a vulnerable platform and should not be used for any official communication.