WhatsApp, the Facebook-owned messaging app, has asked its 1.5 billion odd users to update to the latest version of the app after the company discovered a vulnerability that could potentially put millions of users at risk. According to reports, the vulnerability would allow hackers to remotely install spyware on devices that run WhatsApp. What makes this vulnerability of particular concern is that it does not require any sort of action on the part of the end user to fall victim to it. While we are yet to find a post on the WhatsApp blog that talks about this issue, Facebook did acknowledge it in a security bulletin.
What is the vulnerability? How am I at risk?
Tracked as CVE-2019-3568, the vulnerability is described as a ‘buffer overflow vulnerability in WhatsApp VOIP stack that allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number’. In simpler language, the attacker could execute code on a vulnerable device by simply making a series of WhatsApp calls to the victim’s number. As baffling as it may sound, what we are saying here is that the victim does not need to run any code (which is the most common way in which people get their devices infected with malware) or take any action at all for the device to be infected. The interesting thing about this vulnerability is that it is platform independent. This means Android, iOS, Tizen, and even Windows Phone users (yes, people still use Windows Phone) are at equal risk.
How to ensure you don’t get infected?
If you are a WhatsApp user, you need to be aware that this vulnerability affects all versions of WhatsApp for Android prior to v2.19.134. If you are a WhatsApp Business user on Android, make sure you are not using a version older than v2.19.44. Moving on to iOS, you need to update to v2.19.51 to protect yourself. WhatsApp Business users on iOS should also update to v2.19.51. For Windows Phone and Tizen, ensure that your devices run v2.18.348 and v2.18.15 or higher, respectively. In a statement to CNBC, a WhatsApp spokesperson reportedly confirmed that people should upgrade to the newest version of the app to stay protected from this vulnerability.
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices”
While a manual update is needed at this point in time, it is always advisable to turn the auto-update option on to ensure you are always protected against such vulnerabilities.
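For anyone checking more than one phone, the version thresholds listed above can be applied to a device inventory. The following is an added example, not code from WhatsApp or Facebook; the inventory layout, device names and sample rows are constructed for illustration. It compares version components numerically, because a plain string comparison would wrongly rank 2.19.9 above 2.19.134.

```python
# Added example: flag WhatsApp installs older than the fixed versions in the article.
# Inventory rows are (device, platform, app, version); this layout is an assumption.

# First fixed version per (platform, app), taken from the article text.
FIXED = {
    ("android", "whatsapp"): "2.19.134",
    ("android", "whatsapp business"): "2.19.44",
    ("ios", "whatsapp"): "2.19.51",
    ("ios", "whatsapp business"): "2.19.51",
    ("windows phone", "whatsapp"): "2.18.348",
    ("tizen", "whatsapp"): "2.18.15",
}

def parse_version(text):
    """Turn 'v2.19.134' into (2, 19, 134) so components compare as numbers."""
    parts = text.strip().lower().lstrip("v").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def status(platform, app, version):
    """Return 'vulnerable', 'patched' or 'unknown' for one install."""
    fixed = FIXED.get((platform.strip().lower(), app.strip().lower()))
    if fixed is None:
        return "unknown"          # platform/app pair not covered by the article
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"          # never report an unreadable version as patched
    target = parse_version(fixed)
    width = max(len(installed), len(target))
    installed += (0,) * (width - len(installed))   # treat '2.19' as '2.19.0'
    target += (0,) * (width - len(target))
    return "vulnerable" if installed < target else "patched"

def audit(rows):
    """Map each inventory row to (device, status)."""
    return [(dev, status(plat, app, ver)) for dev, plat, app, ver in rows]

# Constructed sample inventory.
SAMPLE = [
    ("phone-01", "Android", "WhatsApp", "2.19.9"),
    ("phone-02", "Android", "WhatsApp Business", "v2.19.44"),
    ("phone-03", "iOS", "WhatsApp", "2.19.50"),
    ("phone-04", "Tizen", "WhatsApp", "2.18.15"),
    ("phone-05", "Windows Phone", "WhatsApp", "unknown"),
]

if __name__ == "__main__":
    for device, result in audit(SAMPLE):
        print(f"{device}: {result}")
```

Rows reported as "unknown" need a manual check of the installed version.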