The Facebook-owned WhatsApp has claimed that no users were affected by the new security vulnerability in its app. According to the company, it has fixed the loophole in its application for both Android and iOS. The vulnerability allowed attackers to inject spyware into the smartphones by bypassing the owner’s consent. WhatsApp in a statement said that no users were harmed. It added that immediate steps were taken to fix the vulnerability to prevent hackers from taking control of the users’ smartphones. It also promised to constantly monitor for such risks and take preventive measures at regular intervals. It noted that WhatsApp is the world’s most popular instant messaging service. And perhaps this is why it is the favorite destination for hackers.
Once the spyware was installed on the victim’s phone, the remote attackers managed to take full control of the device. They were able to access WhatsApp data and all files stored in the memory of the device. To install the software, hackers used a compromised MP4 video file. They were sending malicious MP4 files to the users on WhatsApp. Once the MP4 file download was completed, hackers executed a script to infiltrate and gain control of the device. MP4 file formats are used to share songs and audio files. However, those who skipped downloading the MP4 file sent to them from unknown sources managed to secure their device. The script was executed only after the download. WhatsApp has advised its users to be careful while downloading any file from unknown sources.
This was the second time within a month when WhatsApp was hit by security vulnerability. Earlier, WhatsApp had accepted that its users were subject to surveillance. Hacker used Pegasus spyware for snooping. Pegasus was developed by Israeli surveillance company NSO Group. The spyware allowed hackers to infiltrate by just placing a missed call on WhatsApp. When the company learned about it, it fixed the vulnerability. WhatsApp accused the NSO Group of comprising its terms and conditions. WhatsApp also initiated legal steps against the company. It has filed a lawsuit in California federal court against NOS Group.