Govt Security Agency Warns Against Remote Whatsapp Hacking: Do This Right Away For Safety
National cybersecurity agency CERT-In (Computer Emergency Response Team- India) has issued warnings for users of Whatsapp personal and business accounts.
CERT-In is the govt-authorised Indian tech watchdog that combats cyber crimes and protects the Indian digital space.
It operates under the Ministry of Electronics and Information Technology.
It has detected several vulnerabilities in the instant messaging app which could potentially lead to a large-scale data breach of personal and sensitive user data.
CERT-In has issued a severity rating of “high”. It affects those who presently have the old version of Whatsapp (personal) and Whatsapp business for Android installed i.e. prior to v18.104.22.168
For iOS it impacts versions of the same prior to v2.21.32.
In an official statement the cybersecurity body said that these vulnerabilities could allow an attacker working remotely to implement random code or gain access to user information from the systems of its targets.
Unfortunately, there are precedents for these kinds of incidents.
Vulnerable Whatsapp Security: Case 1
In Nov 2019 the agency had identified a buffer overflow vulnerability with Whatsapp.
A hacker could remotely gain access to a system using a bespoke MP4 audio or video file.
Affected users could lose functionality of the app as the attacker would then use remote code execution or denial of service condition
Vulnerable Whatsapp Security: Case 2
Last November another alert was issued for Whatsapp users.
They were cautioned against 2 major vulnerabilities detected which allowed cybercriminals “improper access control and use-after-free vulnerability”.
Improper access control vulnerability was detected in Whatsapp’s screen lock feature.
The vulnerability could be abused by using Apple’s voice assistant Siri to communicate and gain illegal access through the app.
Use-after-free vulnerability could be exploited by hackers in video calls during which they would send a custom-made animated sticker to reel in users.
Immediate Action One Must Take
The precautionary advisory stated that “these vulnerabilities exist due to a cache configuration issue and missing bounds check within the audio decoding pipeline”.
In order for users to safeguard themselves they have been urged to update their apps with the latest version as available on the app store.