Most people are glued to WhatsApp these days, and circulating MP4 files is common practice. If you receive an MP4 file on WhatsApp sent by someone, be very careful about downloading it, as hackers may use a critical vulnerability in the Facebook-owned app to carry out snooping attacks on both Android and iOS devices. The specially crafted MP4 file triggers remote code execution (RCE) and denial-of-service (DoS) attacks. Users are advised to update their WhatsApp app to avoid being targeted.
Facebook has already issued an advisory stating, “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The vulnerability is classified as ‘Critical’ severity that affected an unknown code block of the component MP4 File Handler in WhatsApp.” The same is reported on gbhackers.com too.
“The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.” The news comes on the heels of the Pegasus affair, in which software from Israeli cyber intelligence company NSO Group exploited WhatsApp's video calling system to snoop on 1,400 selected users globally and in India, including human rights activists and journalists. The issue escalated into a political one, and the Indian government denied either obtaining or preparing to purchase the notorious software in question.
“We agree with the government of India’s strong statement about the need to safeguard the privacy of all Indian citizens. That is why we’ve taken this strong action to hold cyber attackers accountable and why WhatsApp is so committed to the protection of all user messages through the product we provide,” a WhatsApp spokesperson had said in a statement to Social media.
The new vulnerability is found in Android versions prior to 2.19.274; iOS versions prior to 2.19.100; Enterprise Client versions prior to 2.25.3; Business for Android versions prior to 2.19.104; Business for iOS versions prior to 2.19.100; and Windows Phone versions before and including 2.18.368. Hackers can use the WhatsApp vulnerability to deploy malware on the user’s device to steal sensitive files, and it can also be used for surveillance purposes.
“The RCE vulnerability allows hackers to perform the attack remotely without any sort of authentication,” claimed the report. The critical WhatsApp vulnerability can be tracked as CVE-2019-11931.
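To check a device inventory against the affected ranges listed above, version strings have to be compared numerically (a plain string comparison ranks 2.19.99 above 2.19.274), and the Windows Phone bound is inclusive while the others are not. The following is an added example, not code from WhatsApp or Facebook; the product keys and the sample inventory are constructed for illustration.

```python
# Added example: thresholds are those the article lists for CVE-2019-11931.
# Product keys and the sample inventory are constructed for illustration.

# (threshold, inclusive): False = "versions prior to",
# True = "versions before and including".
AFFECTED = {
    "android": ((2, 19, 274), False),
    "ios": ((2, 19, 100), False),
    "enterprise": ((2, 25, 3), False),
    "business-android": ((2, 19, 104), False),
    "business-ios": ((2, 19, 100), False),
    "windows-phone": ((2, 18, 368), True),
}

def parse_version(text):
    """Turn '2.19.99' into (2, 19, 99) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True/False for a known product, None if the product is not in the table."""
    rule = AFFECTED.get(product.lower())
    if rule is None:
        return None
    threshold, inclusive = rule
    v = parse_version(version)
    # Pad the shorter tuple with zeros so '2.19' is treated as 2.19.0.
    width = max(len(v), len(threshold))
    v += (0,) * (width - len(v))
    threshold += (0,) * (width - len(threshold))
    return v <= threshold if inclusive else v < threshold

def triage(inventory):
    """Return the (device, product, version) rows that still need an update."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed sample inventory: (device, product, installed version).
SAMPLE = [
    ("phone-01", "android", "2.19.99"),         # affected: 99 < 274 numerically
    ("phone-02", "android", "2.19.274"),        # first fixed build
    ("phone-03", "windows-phone", "2.18.368"),  # affected: bound is inclusive
    ("phone-04", "business-android", "2.19.103"),
    ("gw-01", "enterprise", "2.25.3"),
]

if __name__ == "__main__":
    for device, product, version in triage(SAMPLE):
        print(f"{device}: {product} {version} needs updating")
```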
When we spoke to some hackers about this, one of them, on the condition of anonymity, told AV, “There is software like NEXSPY which allows you to track, record, and monitor the whole lot on a targeted phone, including WhatsApp messages. It is an affordable spying tool which you will find very easy to use. There is a dedicated website and open source, that helps you learn what it is all about and how it can help you spy on WhatsApp messages. Everything is well-presented and well-explained so that you can use the software for your monitoring purposes in the most convenient way possible.”
Another grey hat hacker said, “These days a lot of people want to hack WhatsApp and get access to a person’s vital data and monitor their activity. Hacking someone’s WhatsApp messages is very common, because some want to spy on their spouse or business rivals and others want to protect their kids from cyberbullying and prevent them from risky comportment. The employer wants to catch a cheater and of course to track signs of the employee’s inappropriate conduct to prevent data leaks. Reasons can be anything, but WhatsApp hacking is possible through various ways.”
Another anonymous hacker said, “WhatsApp is an encrypted messaging platform that allows any user to send text, audio, and rich media messages, make voice and video calls from a smartphone and other mobile devices for free. That’s why it is popular among internet users. Parents, employees, and individuals can be interested in having WhatsApp spy software with the latest sophisticated features that will be able to work with any version of WhatsApp. These days 99 per cent of the population is addicted to this medium and they randomly receive and circulate messages; there you give the catch to exploit your device.”