WhatsApp Bug Let Hackers Use Video Calls to Take Control of Accounts

October 11, 2018, 6:11 PM UTC

A researcher for Google’s Project Zero security team on Tuesday revealed in a report that a bug affecting the messaging app WhatsApp would enable bad actors to take control of a user’s account when the user answered a video call.

The problem was exposed by Natalie Silvanovich, a member of the team, who published the findings on Google’s blog and said the issue was discovered in August, Gizmodo reported.

According to Silvanovich, the vulnerability was triggered when the WhatsApp application received a malformed packet of the Real-time Transport Protocol (RTP), which delivers audio and video via IP networks. Once the packet was received by the user’s device, it would trigger a corruption error and shut down the device. In this case, the bug was delivered in the form of a video call, and it affected both Android and Apple devices.

“This is a big deal,” researcher Tavis Ormandy, who works on the same Project Zero team, tweeted. “Just answering a call from an attacker could completely compromise WhatsApp.”

The bug was fixed in early October, Facebook said. “We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable,” the company said.