WhatsApp voice call feature used by attackers to inject malicious spyware

On Monday, WhatsApp, a Facebook-owned instant messaging service, has reported the existence of vulnerabilities that allowed hackers to spy on its users.

WhatsApp reported that the hackers had created a malicious code, which was implanted in a victim’s device via a WhatsApp’s voice call feature. Whether or not one picked the call, the spyware was still installed on .

However, users did not quickly notice the calls since they disappeared from the apps’ call log. The attack-involved manipulation of data sent when beginning a voice a call. When a victim phone receives these packets, the internal buffer could force an overflow, thus overwriting apps memory giving full access to the attacker.

The malicious code bypassed WhatsApp’s end-to-end encryption giving the attacker access to a user’s encrypted messages, contacts, and even photos among other data stored in a victim’s device. The spyware could allow attackers to gain access to encrypted messages, contacts, and yet photos, among other data on a victim smartphone. The vulnerability affected both Android and iPhone user and even windows phone users.

The Spyware was purportedly created by an Israel private cybersecurity group, NSO. However, the Facebook-owned messaging service reported that the vulnerability has already been patched. Facebook engineers managed to patch the flaw, which was termed as CVE-2019-3568 so you should update your WhatsApp as soon as possible.

Have anything to add to this article? Leave us a comment in the comments section below. In the meantime, follow or subscribe to our newsletter to ensure you don’t miss out on any future updates.