WhatsApp voice call feature used by attackers to inject malicious spyware

On Monday, WhatsApp, a Facebook-owned instant messaging service, has reported the existence of vulnerabilities that allowed hackers to spy on its users.

WhatsApp reported that the hackers had created a malicious code, which was implanted in a victim’s device via a WhatsApp’s voice call feature. Whether or not one picked the call, the spyware was still installed on .

However, users did not quickly notice the calls since they disappeared from the apps’ call log. The attack-involved manipulation of data sent when beginning a voice a call. When a victim phone receives these packets, the internal buffer could force an overflow, thus overwriting apps memory giving full access to the attacker.

The malicious code bypassed WhatsApp’s end-to-end encryption giving the attacker access to a user’s encrypted messages, contacts, and even photos among other data stored in a victim’s device. The spyware could allow attackers to gain access to encrypted messages, contacts, and yet photos, among other data on a victim smartphone. The vulnerability affected both Android and iPhone user and even windows phone users.

The Spyware was purportedly created by an Israel private cybersecurity group, NSO. However, the Facebook-owned messaging service reported that the vulnerability has already been patched. Facebook engineers managed to patch the flaw, which was termed as CVE-2019-3568 so you should update your WhatsApp as soon as possible.

Have anything to add to this article? Leave us a comment in the comments section below. In the meantime, follow or subscribe to our newsletter to ensure you don’t miss out on any future updates.

Facebook Comments

Alvin Wanjala

Alvin Wanjala has been writing about technology for over 2 years. He writes about different topics in the consumer tech space. He loves streaming music, programming, and gaming during downtimes.

Have anything to add to this article? Leave us a comment below

Back to top button