It has been announced for some days the discovery of a new vulnerability to hack the WhatsApp application.
This vulnerability is apparently based on an MP4 file, which would camouflage the attack. this security flaw discovered by cybersecurity experts at GBHackers has been categorized as a critical flaw.
This article will also interest you: Government officials targeted by a wave of Whatsapp hacking
Indeed, this vulnerability would allow a hacker to access the contents of your smartphone by simply sending me a file in MP4 format specially designed for this purpose. This security flaw applies to the WhatsApp app on Android and iOS mobiles.
According to the researchers, this vulnerability could allow hackers to siphon data from the smartphones on which it was implanted (the MP4 file). The critical nature of the security flaw then lies in the fact that anyone who is in control of the process can recover data from the smartphone that could be infected as a result of sending the corrupted MP4 file.
And that's about all the data. Whether they are made up of photos, videos, directory data or other data. Indeed, the security notice very soberly named "CVE-2019-11931", which was filed by Facebook (the parent company of WhatsApp bought since 2014) a few days ago, explains that the vulnerability of the messaging application comes from a bug that will be linked to a "battery-based" buffer overflow.
While the US social network did not give further details, it is known from the information that has circulated since then that the security flaw could allow hacker to remotely execute a code, such as the installation of malware, which could make possible the infiltration of the affected smartphone to access the encrypted exchanges. This puts the encryption protocol in a bad way from start to finish.
Because if the latter can assure a person by sending a message, that he is the only one who can read it with his interlocutor, this vulnerability allows not only to exfiltrate the conversation but also to have access to the real content without encryption. as well as the photos and videos that will be exchanged. "Hackers can take advantage of this vulnerability to deploy the screwed file on the user's device in order to steal sensitive files and use it for surveillance purposes," says GBHackers researcher.
However, it is not clear how this vulnerability. The only thing known is that you need a file in MP4 format to exploit it. WhatsApp, for its part, seeks to reassure the sum of users regarding this recent security breach. Taking into account clues from the developer who discovered the flaw, there is no way to assume that this vulnerability has already been exploited by hackers "WhatsApp is constantly working to improve the security of its service. we let's make public reports on potential problems we're fixing constantly following industry best practices. In this case, it there is no reason to believe that users have been affected."
Moreover, the security flaw would only affect the recent version of the WhatsApp app on iOS and Android. Older versions being strangely removed from the problem. The affected versions are:
Below version 2.19,100 on iOS
Below version 2.19.274 on Android
Below version 2.19.104 for Business for Android
Below version 2.25.3 for the corporate customer
Below version 2.18.368 for Business for Windows Phone
Below version 2.19,100 for Business for iOS
Therefore, all WhatsApp users are advised to update their apps as soon as an update becomes available. Which will not be lacking these days.
Now access an unlimited number of passwords: