Government has a Warning for WhatsApp Users: 9 Things to Know

19 Nov 2019

1/10 : Govt has a warning for WhatsApp users: 9 things to know

India's nodal agency for responding to cyber security threats/incidents has a warning for WhatsApp users. Indian Computer Emergency Response Team (CERT-In) has issued an alert for WhatsApp users in the country about a new bug that allows hackers to remotely access computing devices/smartphones. It has classified the vulnerability as "high". Here's all you need to know about CERT-In's warning & more

2 / 10 : The security flaw allows hackers to break into WhatsApp through MP4 file

3 / 10 :What is MP4 file

MP4 file extension is a compressed file format that can carry videos, audio & subtitles.

4 / 10 : Flaw doesn't need any form of authentication from WhatsApp user

The flaw doesn't require any form of authentication from WhatsApp user. It gets executed when the maliciously crafted file is downloaded on the user's device.

5 / 10 : The bug allows hackers to use WhatsApp for spying

Hackers can use the WhatsApp security loophole to add malware on users' devices & steal sensitive files & can also use it for spying purpose.

6 / 10 :Hackers can remotely control devices

Remote code execution allows hacker to access someone user's smartphone/PC remotely & make changes.

7 / 10 :The device can be geographically located anywhere.

8 / 10 :What users need to do

CERT-In has advised users to upgrade to the latest version of WhatsApp.

9 / 10 : Affected WhatsApp versions include

This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before & including 2.18.368, Business for Android versions prior to 2.19.104, & Business for iOS versions prior to 2.19.100.

10 / 10 : Facebook issued similar warning last week

Facebook too warned of the security flaw in WhatsApp late last week. "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file & could result in a DoS or RCE," reads the Facebook advisory.

Source Link

Picture Source :