¿What will happen if your smartphone could be hacked through the videocall service of whatsapp?
This could sound like fiction, but a digital forensic expert called Natalie Silvanovich found a critic vulnerability in WhatsApp, the most used instant messenger service, that could have allowed a hacker to take full control of the app through the videocall tool.
Since the vulnerability affects the implementation of WhatsApp’s RTP (Real Transport Protocol) the error affects to iOS and Android apps, but not the the WhatsApp web version, because it’s based in WebRTC to make videocalls.
The digital forensic expert also showed an evidence of the vulnerability, also with the instructionsto execute the attack.
Altough the evidence published by Silvanovich only causes damages in the memory, another investigator, Tavis Ormandy, afirms that there is the problem. “The fact of responding a call of an attacker could completly compromise WhatsApp”, considers the expert.
In other words, hackers only need the phone number of teh victim to completly compromise their WhatsApp account and spy their conversations.
Silvanovich informed about the vulnerability to WhatsApp team this year in August. Whatsapp admited and solved the problem on Android in September, while the solution for iOS arrived a few days later.
If you haven’t updated your whatsApp for any operative system, digital forensic experts of the International Cybernetic Security Insitute recommend the instalation of teh update as soon as possible.
Two months ago, the investigators also discovered an error in the form that the mobile app of WhatsApp connects with WhatsApp web, that allows the malicious users to block and modify the content of the messages sent in private and groupal conversations.
All of this errors have been gradually soloved in the updates launched by the app developers.