Home
Apps
Apps News
WhatsApp Fixes Bug That Could Let Hackers Crash App During Calls

WhatsApp Fixes Bug That Could Let Hackers Crash App During Calls

By Sumit Chakraborty | Updated: 10 October 2018 14:17 IST

The bug affected WhatsApp for Android and iOS, but the company has now fixed the issue

Highlights

A memory corruption bug was found in the WhatsApp app
The bug only affected the Android and iOS clients
WhatsApp has fixed the issue in the latest update

WhatsApp has fixed a bug in its mobile apps on Android and iOS that could potentially allow hackers to crash the app during a call. A security researcher had discovered and reported the flaw to WhatsApp back in August. The company has now fixed the potentially serious issue and the details are now in the public domain. The researcher has explained the vulnerability as a "memory corruption bug in WhatsApp's non-WebRTC video conferencing implementation." This essentially means that the flaw left WhatsApp users vulnerable during video calls on the app.

Natalie Silvanovich, a researcher in Google's Project Zero security research team and a Tamagotchi hacker first spotted the WhatsApp vulnerability. In a bug report, Silvanovich says, "Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP packet." The malformed packet that triggers the crash could be sent through a call request. She adds, "This issue can occur when a WhatsApp user accepts a call from a malicious peer."

It is worth mentioning that just the WhatsApp app on Android and iOS were affected because they use the Real-time Transport Protocol (RTP) for video calls. The WhatsApp for Web client was unaffected since it uses WebRTC for video conferencing. The researcher has also published proof-of-concept code and instructions on how to reproduce such an attack.

We reached out to WhatsApp to comment on the bug and its fix, and received a statement from a company spokesperson, "WhatsApp cares deeply about the security of our users. We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable. We promptly issued a fix to the latest version of WhatsApp to resolve this issue."

The issue also drew the attention of another Google researcher Tavis Ormandy, who in a tweet, said, "This is a big deal. Just answering a call from an attacker could completely compromise WhatsApp," indicating that crashing the victim's app may not be the worst thing that could be done.

Notably, the bug was fixed on September 28 in the WhatsApp Android client and on October 3 in the iPhone client, Silvanovich said. Since the WhatsApp bug has been patched, the company recommended users should update to the latest version of the app on Android and iOS.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.