Weeks after Pegasus, another breach threatens WhatsApp users via random video files
By Amritha Mohan
Published on 17 Nov 2019 4:48 PM GMT
Hyderabad: Stay cautious about downloading video files sent through WhatsApp. Almost two weeks after WhatsApp confirmed a security breach through Pegasus, a new hacking threat transferred via MP4 files has been confirmed.
The popular messaging platform has come under public scrutiny again after disclosing a vulnerability. On November 14, Facebook, the social networking conglomerate that owns WhatsApp, issued an advisory stating, "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a denial of service (DoS) or remote code execution (RCE)."
In other words, a maliciously crafted MP4 file could trigger a DoS or an RCE, either of which amounts to a cyber-attack. It is said that hackers may easily track users' information through these malicious video files. As per Facebook's advisory, this can affect Android versions before 2.19.274, iOS versions before 2.19.100, WhatsApp Business for Android versions before 2.19.104, WhatsApp Business for iOS versions before 2.19.100 and Windows Phone versions before and including 2.18.368.
The security issue becomes even more pertinent in the context of the recently confirmed snooping by the Israeli spyware Pegasus, which had hacked WhatsApp's video-calling system. Several journalists, lawyers and activists from India were reportedly under the surveillance of this spyware. The issue had sparked a bigger controversy wherein the government of India abjectly denied having permitted the spyware to conduct its surveillance operations through WhatsApp.
While the advisory issued by Facebook does not reveal much, this much is clear: there is a security threat within the Facebook-owned app, and it needs to be rectified immediately. While WhatsApp claims that it is consistently working on the security of the app, it is up to ordinary users to guard themselves against suspicious files.