With just a single MP4 video your phone can be under control by the hacker. This vulnerability is detected in the most used application WhatsApp.
A new vulnerability has been detected in WhatsApp in which attackers will send an MP4 file to take control over your smartphone.
How it is detected?
It is first identified by the Indian Computer Emergency Response Team (CERT).
According to them, the vulnerability is found in WhatsApp in which a remote hacker can take access to the phone just by sending a compressed MP4 file.
The threat Note CIVN-2019-0181 has been categorized under ” High Severity “.
It will affect all the WhatsApp users
The issue of WhatsApp will be affected by both Android and iOS.
As per the WhatsApp security message notification, “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. A remote attacker could exploit this vulnerability by sending a specially crafted MP4 file to the target system.”
According to the reports, more than 1 billion phones all over the world have been affected by surveillance software.
The issue at its rates became very important as the targets include 1400 diplomats, few government officials, Journalists, human rights activists.
How does it work
Basically it’s not a financial threat so it doesn’t require any authentication to access the phone. The malicious activates after downloading malicious crafted MP4 file on the receiver’s system.
This can be affected by all of the users whoever uses WhatsApp and particularly who tries to download the video type file.
Security message says “Successful exploitation of this vulnerability could allow the remote attacker to cause Remote Code Execution (RCE) or Denial of Service (DoS) conditions, which could lead to further compromise of the system.”
Remote Code Execution is usually used to run the malware on the device and the attack is used to steal information from the device without giving a hint to the user.
Prevent from the Vulnerability
This applies to all types of vulnerabilities
- Never ever download any unknow files from unknown numbers.
- Keep your WhatsApp up to date.
- If you find any unknown activities on your phone, take a complete backup of your files and reset your phone.
Facebook said, “The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE,”.
Android and iOS version under threat
- Android version prior to v2.19.134.
- WhatsApp Business for Android prior to v2.19.44
- For iOS prior to v2.19.51
- WhatsApp Business for iOS prior to v2.19.51
The WhatsApp company statement
WhatsApp spokesperson said “We agree with the government of India’s strong statement about the need to safeguard the privacy of all Indian citizens. That is why we’ve taken this strong action to hold cyber attackers accountable and why WhatsApp is so committed to the protection of all user messages through the product we provide,”.