India’s nodal agency for responding to cyber security threats/incidents has a warning for WhatsApp users. Indian Computer Emergency Response Team (CERT-In) has issued an alert for WhatsApp users in the country about a new bug that allows hackers to remotely access computing devices/smartphones. It has classified the vulnerability as “high”. Here’s all you need to know about CERT-In’s warning and more …
The security flaw allows hackers to break into WhatsApp through an MP4 file
What is an MP4 file
The MP4 file extension denotes a compressed file format that can carry video, audio and subtitles.
Flaw does not need any form of authentication from the WhatsApp user
The flaw does not require any form of authentication from the WhatsApp user. It gets executed when the maliciously crafted file is downloaded on the user’s device.
The bug allows hackers to use WhatsApp for spying
Hackers can use the WhatsApp security loophole to install malware on users’ devices and steal sensitive files, and can also use it for spying.
Hackers can remotely control devices
Remote code execution allows a hacker to access a user’s smartphone/PC remotely and make changes.
The device can be geographically located anywhere.
What users need to do
CERT-In has advised users to upgrade to the latest version of WhatsApp.
Affected WhatsApp versions include
This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.
Facebook issued a similar warning last week
Facebook too warned of the security flaw in WhatsApp late last week. “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE,” reads the Facebook advisory.
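The bug class named in Facebook's advisory, seen from the defensive side, as an added example (not WhatsApp's code and not taken from the advisory): a parser that copies a length-prefixed MP4 stream descriptor into a fixed-size buffer only after checking the declared length against both the remaining input and the buffer. The 64-byte buffer size, the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ES_META_MAX 64 /* assumed capacity of the fixed-size destination */

/* Constructed sample inputs: tag byte, length field, payload. */
static const uint8_t sample_ok[]    = {0x05, 0x02, 0x12, 0x10};
static const uint8_t sample_trunc[] = {0x05, 0x10, 0x01};       /* claims 16, has 1 */
static const uint8_t sample_big[3 + 128] = {0x05, 0x81, 0x00};  /* claims 128 */

/* MPEG-4 descriptor length: up to 4 bytes, 7 bits each; a set high bit
 * means another length byte follows. Returns bytes consumed, 0 on error. */
static size_t read_desc_len(const uint8_t *p, size_t avail, uint32_t *len)
{
    uint32_t v = 0;
    for (size_t i = 0; i < 4 && i < avail; i++) {
        v = (v << 7) | (p[i] & 0x7f);
        if (!(p[i] & 0x80)) { *len = v; return i + 1; }
    }
    return 0; /* truncated, or continuation bit still set after 4 bytes */
}

/* Copy one descriptor payload into out. Returns its length, or -1 if the
 * descriptor is rejected. The unsafe pattern is memcpy(out, payload, len)
 * with len taken from the file and neither check below. */
int copy_es_descriptor(const uint8_t *in, size_t in_len, uint8_t out[ES_META_MAX])
{
    uint32_t len;
    size_t n;

    if (in_len < 2) return -1;            /* tag plus at least one length byte */
    n = read_desc_len(in + 1, in_len - 1, &len);
    if (n == 0) return -1;
    if (len > in_len - 1 - n) return -1;  /* declared length runs past the input */
    if (len > ES_META_MAX) return -1;     /* would overflow the destination */
    memcpy(out, in + 1 + n, len);
    return (int)len;
}

int main(void)
{
    uint8_t out[ES_META_MAX];
    return !(copy_es_descriptor(sample_ok, sizeof sample_ok, out) == 2 &&
             copy_es_descriptor(sample_trunc, sizeof sample_trunc, out) == -1 &&
             copy_es_descriptor(sample_big, sizeof sample_big, out) == -1);
}
```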