The security and integrity of encrypted messaging platforms have been in the headlines in recent weeks, and most of these stories have focused on the largest player in the field, WhatsApp. The platform has dealt with a number of vulnerabilities, the most notorious of which saw it caution users that it had been compromised by the Israeli spyware firm NSO. WhatsApp's parent company, Facebook, even launched legal action against NSO over those attacks.
WhatsApp vulnerabilities have encompassed nation-state attacks, targeted hacking, and deceptive functionality, and just last month yet another defect was confirmed when a security researcher revealed a bug that allowed an attacker to use a malicious GIF image file to potentially access user content. That defect involved an attacker pushing a malicious GIF to a victim's device through any network. With the GIF on the device, the hack triggers when the victim opens the gallery within WhatsApp to send any image, not necessarily the malicious one, and the device and its contents are potentially at risk.
Now Facebook has quietly confirmed yet another security vulnerability on the platform, releasing an advisory notice on 14 November 2019 to warn that “a stack-based buffer overflow could be triggered in WhatsApp by sending a specially manufactured MP4 file to an individual WhatsApp user.” There is little further information, but the threat is a serious one: compromised systems risk denial of service or even remote code execution on the affected device. This could mean malware being planted on the device, the device being used to eavesdrop, or even a remote takeover.
Facebook says the “potential issue” was discovered internally; it was not disclosed by a security researcher, nor was it intercepted in the wild. But in these days of increasing attacks on messaging platforms, such vulnerabilities need to be taken seriously, and remedial action needs to be fast and thorough. A WhatsApp representative told us the platform is “constantly working to improve the security of our service. We make public reports on potential issues we have fixed, consistent with industry best practices. In this instance, there is no reason to believe users were impacted.”