WhatsApp Users, Your Data is at Risk! Check Out
India's nodal agency for responding to cyber security threats warns WhatsApp users.
Indian Computer Emergency Response Team (CERT-In) has issued an alert for WhatsApp users in India about a new bug that lets hackers remotely access their smartphones. It has categorised the severity of the vulnerability as "high".
WhatsApp confirmed the bug: "The key point that the [vulnerability disclosure] makes is that this issue affects the user on the sender side, meaning the issue could, in theory, occur when the user takes action to send a GIF. The issue would impact their own device."
Know about CERT-In's warning
1. CERT-In claims that the security flaw allows hackers to break into WhatsApp through an MP4 file.
What is an MP4 file?
MP4 is a compressed file format that carries video, audio and subtitles.
2. The flaw does not need any authentication from the WhatsApp user. When the user downloads the maliciously crafted file on their device, it gets executed.
3. Hackers can use the WhatsApp security loophole for spying. With the help of the bug, they can add malware to users' devices and steal sensitive files.
4. Hackers can control devices remotely. With the help of remote code execution, hackers can access a user's smartphone/PC remotely and make changes.
5. The device can be located anywhere geographically.
How can users avoid this security threat?
CERT-In has advised users to upgrade to the latest version of WhatsApp.
Affected WhatsApp versions include
The issue affects WhatsApp for Android prior to v2.19.134; WhatsApp Business for Android prior to v2.19.44; WhatsApp for iOS prior to v2.19.51; WhatsApp Business for iOS prior to v2.19.51; WhatsApp for Windows Phone prior to v2.18.348; and WhatsApp for Tizen prior to v2.18.15.
Last week Facebook also issued a similar warning
Facebook also warned about the security flaw in WhatsApp late last week. "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number," reads the Facebook advisory.