The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Whatsapp vulnerability

This WhatsApp Bug Could Have Let Attackers Access Files On Your PCs

This WhatsApp Bug Could Have Let Attackers Access Files On Your PCs
February 04, 2020Mohit Kumar
A cybersecurity researcher today disclosed technical details of multiple high severity vulnerabilities he discovered in WhatsApp, which, if exploited, could have allowed remote attackers to compromise the security of billions of users in different ways. When combined together, the reported issues could have even enabled hackers to remotely steal files from the Windows or Mac computer of a victim using the WhatsApp desktop app by merely sending a specially crafted message. Discovered by PerimeterX researcher Gal Weizman and tracked as CVE-2019-18426 , the flaws specifically resided in WhatsApp Web, a browser version of the world's most popular messaging application that also powers its Electron-based cross-platform apps for desktop operating systems. In a blog post published today, Weizman revealed that WhatsApp Web was vulnerable to a potentially dangerous open-redirect flaw that led to persistent cross-site scripting attacks, which could have been triggered by sending a s

Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users

Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users
October 29, 2019Swati Khandelwal
Finally, for the very first time, an encrypted messaging service provider is taking legal action against a private entity that has carried out malicious attacks against its users. Facebook filed a lawsuit against Israeli mobile surveillance firm NSO Group on Tuesday, alleging that the company was actively involved in hacking users of its end-to-end encrypted WhatsApp messaging service. Earlier this year, it was discovered that WhatsApp had a critical vulnerability that attackers were found exploiting in the wild to remotely install Pegasus spyware on targeted Android and iOS devices. The flaw (CVE-2019-3568) successfully allowed attackers to silently install the spyware app on targeted phones by merely placing a WhatsApp video call with specially crafted requests, even when the call was not answered. Developed by NSO Group, Pegasus allows access to an incredible amount of data from victims' smartphones remotely, including their text messages, emails, WhatsApp chats,

Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones

Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones
May 13, 2019Swati Khandelwal
Whatsapp has recently patched a severe vulnerability that was being exploited by attackers to remotely install surveillance malware on a few "selected" smartphones by simply calling the targeted phone numbers over Whatsapp audio call. Discovered, weaponized and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware on the planet, the WhatsApp exploit installs Pegasus spyware on to Android and iOS devices. According to an advisory published by Facebook, a buffer overflow vulnerability in WhatsApp VOIP stack allows remote attackers to execute arbitrary code on target phones by sending a specially crafted series of SRTCP packets. Apparently, the vulnerability, identified as CVE-2019-3568 , can successfully be exploited to install the spyware and steal data from a targeted Android phone or iPhone by merely placing a WhatsApp call, even when the call is not answered. Also, the victim would not be able to find out about the intrusion af

Just Answering A Video Call Could Compromise Your WhatsApp Account

Just Answering A Video Call Could Compromise Your WhatsApp Account
October 10, 2018Swati Khandelwal
What if just receiving a video call on WhatsApp could hack your smartphone? This sounds filmy, but Google Project Zero security researcher Natalie Silvanovich found a critical vulnerability in WhatsApp messenger that could have allowed hackers to remotely take full control of your WhatsApp just by video calling you over the messaging app. The vulnerability is a memory heap overflow issue which is triggered when a user receives a specially crafted malformed RTP packet via a video call request, which results in the corruption error and crashing the WhatsApp mobile app. Since the vulnerability affect RTP (Real-time Transport Protocol) implementation of Whatsapp, the flaw affects Android and iOS apps, but not WhatsApp Web that relies on WebRTC for video calls. Silvanovich also published a proof-of-concept exploit, along with the instructions for reproducing the WhatsApp attack. Although the proof-of-concept published by Silvanovich only triggers memory corruption, another Go

17-Year-Old Found Bugs in WhatsApp Web and Mobile App

17-Year-Old Found Bugs in WhatsApp Web and Mobile App
January 29, 2015Swati Khandelwal
Last week, the most popular mobile messaging application WhatsApp finally arrived on the web — dubbed WhatsApp Web , but unfortunately it needs some improvements in its web version. An independent 17-year-old security researcher Indrajeet Bhuyan reported two security holes in the WhatsApp web client that in some way exposes its users' privacy. Bhuyan called the first hole, WhatsApp photo privacy bug and the other WhatsApp Web Photo Sync Bug. Bhuyan is the same security researcher who reported us the vulnerability in the widely popular mobile messaging app which allowed anyone to remotely crash WhatsApp by sending a specially crafted message of just 2kb in size, resulting in the loss of conversations. Whatsapp Photo Privacy Bug According to him, the new version of WhatsApp Web allows us to view a user's profile image even if we are not on the contact list of that user. Even if the user has set the profile image privacy setting to " Contacts Only ," the pro
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.