A few days back, we reported about WhatsApp Vulnerability that left users affected to Israeli Spyware. This vulnerability in WhatsApp used to allow the caller to install spyware on the device that is being called even if the call is not answered. This spyware was made by Israel based NGO Pegasus and it is sold to the government who want to gain access due to some reason for any device. From that time I was thinking how an app who keep on boasting about their security measures, two-step authentication and the list goes on, can be hacked. So, I have come up with some minor details regarding WhatsApp hack and decided to share it with all our readers. So in order to do so, hackers employed a bug in WhatsApp which is known as Buffer-Overflow Vulnerability. As the name implies, the buffer flow is an issue that occurs when the app is flooded with more data than it can store in its buffer or temporary storage.
WhatsApp Hack: Should we Stop using the App?
While discussing this hack, Rik Ferguson, VP security research at the security-software firm Trend Micro, said:
“A buffer overflow occurs when a programming error allows more data to be written to a given area of memory than can actually be stored there. The extra data flows into adjacent storage, corrupting or overwriting the data previously held there, and can cause crashes, corruptions, or serve as an entry point for further intrusions”
As revealed above, the hackers had intruded a bug (spyware) in owners phones without letting them know through a phone call even if they do not pick up the call. Many readers would be thinking that how is it possible to install spyware in the device when someone does not pick up the call? To understand this we need to know about the working of WhatsApp calling. WhatsApp uses the most widely used technology Voice over Internet Protocol (VoIP), that permit users to make and receive phone calls over the internet.
Ferguson said that when you receive a phone call through WhatsApp, the app sets up VoIP transaction and encryption. After it, it tells users about the incoming call so that he can either accept or decline the call.
“It is my understanding that the buffer overflow exploit occurs during this phase, which is why the recipient does not need to answer the call to be successfully compromised,”
Right now the number of devices affected due to this spyware is not confirmed however one thing is sure many iOS and Android devices are hacked due it. So if you are using WhatsApp, try installing the latest version so that if you are affected by government-grade spyware, you will be free of it.