WhatsApp call, especially the video one, is among the highly used services in India. Almost every one who uses WhatsApp uses the video and audio call service of the platform. It is especially popular among those who want to converse with people living abroad. It helps bypass the pricey regular telecom call. But the Indian government has now warned users to stay alert for hacker attacks via video conversations on WhatsApp.
The Indian cyber security agency CERT-In has warned of multiple bugs which could be exploited by a remote attacker to execute arbitrary code on the targeted system. In its advisory, CERT-In warned of two remote code execution vulnerabilities in Meta-owned WhatsApp in both Android and iOS versions.
The first vulnerability exists in WhatsApp due to integer overflow. The advisory read: “A remote attacker could exploit this vulnerability to execute remote code in an established video call.”WhatsApp has over 500 million user base in India.
What’s the solution?
The malicious code could result in the device getting all kinds of malware installed, or having sensitive data and identities stolen. WhatsApp’s new Call Link function, which enables users to share a direct link to a call, is claimed to be the reason for the new vulnerability. Call Link Function allows users to join video and audio calls with a single swipe. It just requires a link for users to get on board, and up to 32 persons can join the call.
CERT-In, which operates under the Ministry of Electronics, said the vulnerabilities are seen in: WhatsApp for Android and iOS prior to v126.96.36.199, WhatsApp Business for Android and iOS prior to v188.8.131.52, and WhatsApp for iOS v184.108.40.206.
The cyber security agency said users must upgrade the app to stop such attacks. Users whose mobile apps don’t update automatically are advised to update manually as soon as possible. WhatsApp has patched the major security vulnerability in its latest updates.