WhatsApp bug allows hackers to plant malware using video files
Sending a "specially-crafted MP4 file to a WhatsApp user" could allow hackers to access information on users' phones.
By TAMAR URIEL-BEERI
Facebook's WhatsApp, a leading messenger platform, announced a new bug in the system which would allow hackers to access the phone's data using a malicious video file."A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user," the company announced.Facebook did not announce what led them to discover the vulnerability, according to Forbes magazine.The newest bug in the system comes after a series of announcements regarding different successful hacks of the system, the most prominent of which was by NSO, an Israeli cyber surveillance company. Facebook and WhatsApp filed a complaint in a US federal court against the company following the detection of "a new kind of cyberattack involving a vulnerability in the video-calling feature," according to Will Cathcart, head of WhatsApp, who spoke with The Washington Post earlier last month.The attack took place throughout April and May, during which the company sent malware through WhatsApp to the cellular devices of over a thousand human rights defenders, journalists and more. Senior government officials in US-allied countries were targeted as well.“A user would receive what appeared to be a video call, but this was not a normal call,” Cathcart said. “After the phone rang, the attacker secretly transmitted malicious code in an effort to infect the victim’s phone with spyware. The person did not even have to answer the phone.”Amnesty International Israel released a statement on the most recent NSO fallout, stating, "Although the company claims to be conducting a thorough investigation process before selling its products, this claim is lacking in detail. And, given the number of attacks on innocent civilians using its products, the process has already proved itself as [all for show]."NSO Group's flagship software is Pegasus, which is capable of controlling and collecting information from targeted mobile devices.