A Google Project Zero researcher has discovered a serious vulnerability in video call protocols. Hackers could read all your chats
An old TV commercial used to say that a call could extend your life. Today, in reality, a video call could compromise your WhatsApp account once and for all. That, at least, is what Natalie Silvanovich, a cybersecurity researcher with the Google Project Zero group, claims.
According to the U.S. researcher, a critical vulnerability in one of the protocols WhatsApp uses for video calls could allow an attacker to directly access your WhatsApp profile and spy on all your conversations. The vulnerability, Silvanovich claims, only affects the protocols used by the mobile version of WhatsApp, while WhatsApp Web would be immune to it: this means that only users who respond to video calls from smartphones are in danger.
How the WhatsApp vulnerability works
In her report, Silvanovich also describes how the vulnerability she found within WhatsApp's source code works. Specifically, the bug is located within RTP (Real-time Transport Protocol), the protocol used to send and receive video call data packets. A hacker who wanted to exploit the bug would simply have to make a video call with a malformed packet and crash the app. Upon restarting WhatsApp, the cybercriminal would have free access to all conversations on the compromised phone. All the cybercriminal needs is the phone number linked to the WhatsApp profile, and that's it.
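The article gives no detail of the malformed packet, so this added example (not WhatsApp's code and not a reconstruction of the reported bug) shows only the general defensive pattern for an RTP receiver: check every sender-controlled length field in the RFC 3550 header against the number of bytes actually received before touching the payload. The name `rtp_validate`, the `rtp_info` struct and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
typedef struct {
    uint8_t  payload_type;
    uint16_t seq;
    size_t   payload_off;   /* offset of the first payload byte */
    size_t   payload_len;   /* payload bytes, padding excluded */
} rtp_info;

/* Hypothetical helper: returns 0 and fills *out only if every length field
 * of the RFC 3550 header fits inside buf[0..len); -1 for a malformed packet. */
int rtp_validate(const uint8_t *buf, size_t len, rtp_info *out)
{
    if (!buf || !out || len < 12) return -1;       /* fixed header is 12 bytes */
    if ((buf[0] >> 6) != 2) return -1;             /* version must be 2 */
    size_t off = 12 + 4 * (size_t)(buf[0] & 0x0F); /* CSRC count is sender-controlled */
    if (off > len) return -1;
    if (buf[0] & 0x10) {                           /* X bit: header extension */
        if (len - off < 4) return -1;
        size_t ext = 4 * (((size_t)buf[off + 2] << 8) | buf[off + 3]);
        off += 4;
        if (ext > len - off) return -1;            /* extension longer than packet */
        off += ext;
    }
    size_t pad = 0;
    if (buf[0] & 0x20) {                           /* P bit: last byte is pad count */
        if (off >= len) return -1;
        pad = buf[len - 1];
        if (pad == 0 || pad > len - off) return -1;
    }
    out->payload_type = buf[1] & 0x7F;
    out->seq = (uint16_t)((buf[2] << 8) | buf[3]);
    out->payload_off = off;
    out->payload_len = len - off - pad;
    return 0;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t pkt_ok[]   = {0x80,0x60,0,1, 0,0,0,0, 0,0,0,1, 0xAA,0xBB};
static const uint8_t pkt_csrc[] = {0x8F,0x60,0,2, 0,0,0,0, 0,0,0,1, 0xAA,0xBB};
static const uint8_t pkt_ext[]  = {0x90,0x60,0,3, 0,0,0,0, 0,0,0,1, 0xBE,0xDE,0xFF,0xFF};
static const uint8_t pkt_pad[]  = {0xA0,0x60,0,4, 0,0,0,0, 0,0,0,1, 0xAA,0x09};
int main(void)
{
    rtp_info i;   /* exit status 0 only if the good packet passes and the rest fail */
    int bad = rtp_validate(pkt_csrc, sizeof pkt_csrc, &i) + rtp_validate(pkt_ext, sizeof pkt_ext, &i)
            + rtp_validate(pkt_pad, sizeof pkt_pad, &i);
    return !(rtp_validate(pkt_ok, sizeof pkt_ok, &i) == 0 && bad == -3);
}
```

The three rejected packets each declare more CSRC entries, extension words or padding bytes than the 14 or 16 bytes that were actually received.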
How to defend against the WhatsApp vulnerability
Because it is a "high-level" problem, a user can do little or nothing to prevent the hacker from exploiting the vulnerability. He or she can avoid answering video calls from unknown numbers, but there is no guarantee that this will keep the app from crashing and, upon restart, giving the hacker access to the chats. The flaw, however, was repaired in the first days of October: to protect your WhatsApp profile you just need to update the app to the latest version available on iOS or Android.