Hackers exploit 0Day vulnerability in WhatsApp to transfer spyware | CVE-2019-3568

WhatsApp suffers a remote code execution vulnerability, which allows hackers to exploit WhatsApp users through a phone call - CVE-2019-3568

WhatsApp is the most popular messaging application and claims to be the most secure social media platform. It was considered the most secure platform because of the variety of encryption it uses, and also because of the security layers that protect its users. But someone wrote a really beautiful line about security:

“Every new security comes with new vulnerabilities”

And another popular saying goes:

“Security is an illusion”.

Well, let’s not act so dramatic and get back to the main issue.

0Day vulnerability in WhatsApp: CVE-2019-3568

Last Tuesday, WhatsApp was exposed to a Zero-Day flaw (CVE-2019-3568). The news was first reported by the Financial Times, which described the flaw as a new vulnerability in the WhatsApp VoIP stack. According to researchers, it was a buffer overflow that allowed remote code execution in the WhatsApp VoIP stack. The RCE was triggered by specially crafted SRTCP (Secure Real-Time Transport Control Protocol) packets sent to the victim’s phone. This means the hacker could execute malicious code on your phone through your contact number.


How would he do that? Nothing much, just a call using the WhatsApp call feature. And what does he do after exploiting your device? The exploits were used to install spyware on targeted phones. The flaw first came to WhatsApp’s attention when a UK-based lawyer got infected. After investigating the case, the security researchers released some details. According to the researchers, exploitation doesn’t require the targeted user to answer the call, and in some cases even the call logs were found to be erased. The attackers could install spyware on the victim’s device successfully and without detection. The vulnerability is now indexed in CVE (Common Vulnerabilities and Exposures) as CVE-2019-3568.


How many got infected? And how did the attack start?

According to a WhatsApp spokesperson, it’s hard to tell exactly how many users got infected, and they are also unable to tell how the attack began. According to the spokesperson, US law enforcement agencies are investigating the case. There are not many details available about the attack.


Which devices are infected?

The issue indexed as CVE-2019-3568 affects WhatsApp prior to v2.19.134 and WhatsApp Business prior to v2.19.44 on Android. On iOS, it affects WhatsApp prior to v2.19.51 and WhatsApp Business prior to v2.19.51. It also affects WhatsApp prior to v2.18.348 on Windows Phone and WhatsApp for Tizen prior to v2.18.15.
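
The version list above can be turned into a fleet triage check. The following is an added example, not code from WhatsApp or from this article; the CSV layout and device names are constructed assumptions. It compares versions numerically, which matters because a string comparison would wrongly treat 2.19.98 as newer than 2.19.134.

```python
import re

# (platform, app) -> first version that is NOT affected, as quoted in the article.
FIXED = {
    ("android", "whatsapp"): (2, 19, 134),
    ("android", "whatsapp business"): (2, 19, 44),
    ("ios", "whatsapp"): (2, 19, 51),
    ("ios", "whatsapp business"): (2, 19, 51),
    ("windows phone", "whatsapp"): (2, 18, 348),
    ("tizen", "whatsapp"): (2, 18, 15),
}

def parse_version(text):
    """Turn 'v2.19.134' or '2.19.134' into (2, 19, 134); None if malformed."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(platform, app, version):
    """Return 'affected', 'patched' or 'unknown' for one inventory record."""
    fixed = FIXED.get((platform.strip().lower(), app.strip().lower()))
    installed = parse_version(version)
    if fixed is None or installed is None:
        return "unknown"  # do not guess: flag the device for manual review
    # Pad to equal length so that 2.19 compares as 2.19.0.
    width = max(len(fixed), len(installed))
    installed += (0,) * (width - len(installed))
    fixed += (0,) * (width - len(fixed))
    return "affected" if installed < fixed else "patched"

# Constructed sample inventory (not real devices): device,platform,app,version
SAMPLE_INVENTORY = """\
phone-01,Android,WhatsApp,2.19.98
phone-02,Android,WhatsApp,2.19.134
phone-03,iOS,WhatsApp Business,2.19.50
phone-04,Android,WhatsApp Business,2.19.44
phone-05,Tizen,WhatsApp,v2.18.9
phone-06,KaiOS,WhatsApp,2.19.1
phone-07,iOS,WhatsApp,unknown
"""

def triage_inventory(csv_text):
    """Map device id -> status for each 'device,platform,app,version' line."""
    results = {}
    for line in csv_text.splitlines():
        device, platform, app, version = (f.strip() for f in line.split(","))
        results[device] = triage(platform, app, version)
    return results

if __name__ == "__main__":
    for device, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as `unknown` (a platform the article does not list, or an unreadable version string) should be checked by hand rather than assumed safe.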

Is the issue fixed?

According to WhatsApp, they patched the vulnerability. WhatsApp released a new version with security patches on Friday, 10th May 2019. In order to eliminate the risks, WhatsApp users are instructed to update their app to the latest version.

Shehriar Ahmad
Shehriar Ahmad Awan is the Co-founder of Sprotechs InfoSec. He's a Cybersecurity researcher, Penetration tester and Developer for Sprotechs team.
https://sprotechs.com