
WhatsApp Remote Access Vulnerability



Summary

Details of a remote access vulnerability in Facebook's WhatsApp instant messaging (IM) platform have been disclosed by security researchers.


Threat details

A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code or take control of an affected device.

The vulnerability appears to be the result of a buffer overflow condition in WhatsApp's Voice over IP (VoIP) software stack when receiving specially crafted Secure Real-time Transport Control Protocol (SRTCP, IETF RFC 3711) packets. This condition can be triggered by an attacker simply calling a target user, with their intended payloads encoded within the VoIP SRTCP data-stream. The target user does not need to answer the call; simply receiving it is all that is required for the payload to be initiated.
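The class of defect described above is prevented by validating every length against the bytes actually received before copying. The following is an added illustration of that check for the SRTCP layout in RFC 3711; it is not WhatsApp's code and does not reconstruct the actual flaw, whose details are not given here. The names `srtcp_parse` and `srtcp_view`, the 1024-byte buffer and the 128-byte limits are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RTCP_HDR_LEN   8u    /* V/P/RC, PT, length, sender SSRC (sent in clear) */
#define SRTCP_IDX_LEN  4u    /* E flag + 31-bit SRTCP index */
#define MAX_RTCP_BODY  1024u /* assumed size of the receiver's fixed buffer */

struct srtcp_view {
    uint8_t  body[MAX_RTCP_BODY]; /* RTCP header + (possibly encrypted) payload */
    size_t   body_len;
    uint32_t index;               /* 31-bit SRTCP index */
    int      encrypted;           /* E flag */
};

/* Returns 0 on success, -1 if the packet must be dropped.
 * mki_len and tag_len come from the negotiated session, never from the packet. */
int srtcp_parse(const uint8_t *pkt, size_t len, size_t mki_len, size_t tag_len,
                struct srtcp_view *out)
{
    if (pkt == NULL || out == NULL) return -1;
    if (mki_len > 128u || tag_len > 128u) return -1;  /* assumed sanity limits */
    size_t trailer = SRTCP_IDX_LEN + mki_len + tag_len;
    /* Check the minimum size first so the subtraction below cannot wrap. */
    if (len < RTCP_HDR_LEN + trailer) return -1;
    if ((pkt[0] >> 6) != 2) return -1;                /* RTP/RTCP version 2 */

    size_t body_len = len - trailer;
    /* The copy is bounded by the destination size, not by what the sender sent. */
    if (body_len > sizeof out->body) return -1;

    /* The header length field counts 32-bit words minus one; the first RTCP
     * packet it describes must fit inside the bytes actually received. */
    size_t declared = ((size_t)((pkt[2] << 8) | pkt[3]) + 1u) * 4u;
    if (declared > body_len) return -1;

    const uint8_t *t = pkt + body_len;                /* E flag + index word */
    uint32_t word = ((uint32_t)t[0] << 24) | ((uint32_t)t[1] << 16) |
                    ((uint32_t)t[2] << 8)  |  (uint32_t)t[3];

    memcpy(out->body, pkt, body_len);
    out->body_len  = body_len;
    out->encrypted = (int)(word >> 31);
    out->index     = word & 0x7FFFFFFFu;
    return 0;
}
```

Authentication of the packet (verifying the tag) is a separate step and is not shown; these structural checks run before any byte of the packet is copied or interpreted.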

At the time of publication, this vulnerability appears to have only been exploited in highly targeted campaigns against humanitarian non-governmental organisations.



Remediation steps


Facebook have addressed this vulnerability in the latest versions of WhatsApp. Users and organisations are encouraged to update their affected systems immediately.

Organisations are also encouraged to review the Information Governance Alliance (IGA) instant messaging guidance to ensure the IM applications they use are fit for purpose.


Last edited: 14 February 2020 2:48 pm