Centre warns WhatsApp users, cautions them against hacker attack via video call
The Narendra Modi government has issued an advisory to WhatsApp users, warning of multiple vulnerabilities in the instant messaging platform.
The Indian Computer Emergency Response Team (CERT-IN), a nodal agency under the Ministry of Electronics and Information Technology, has warned of vulnerabilities in WhatsApp for Android and iOS prior to v22.214.171.124, WhatsApp Business for Android and iOS prior to v126.96.36.199, WhatsApp for Android prior to v188.8.131.52 and WhatsApp for iOS for v184.108.40.206.
The CERT-in advisory has warned of multiple vulnerabilities in WhatsApp which could help a remote attacker to execute an arbitrary code on the targeted system.
According to the Centre’s advisory, the vulnerability exists in WhatsApp due to integer overflow. “A remote attacker could exploit this vulnerability to execute remote code in an established video call.”
WhatsApp also stated the same in its latest security advisory, saying, “An integer overflow in WhatsApp for Android prior to v220.127.116.11, Business for Android prior to v18.104.22.168, iOS prior to v22.214.171.124, Business for iOS prior to v126.96.36.199 could result in remote code execution in an established video call”.
The Centre has also cited the WhatsApp advisory on integer underflow, and warned that the remote attacker could exploit this vulnerability by sending a specially-crafted video file.
To protect themselves from such an attack, the WhatsApp users should update the app.
This comes at a time when WhatsApp has introduced new features for its users, the latest being ‘Call Link’. The feature helps users to join or start video and audio calls with just one tap. The users can easily share this call link individually or on groups and invite others to join the calls.