U.S. Markets closed

WhatsApp bug could have let hackers read your messages by just sending a video

Anthony Cuthbertson
A security vulnerability with WhatsApp allows hackers to take over devices using a malicious gif: Getty Images

WhatsApp has acknowledged a security flaw within the app that allowed hackers to access people's messages by sending a malicious video file.

The Facebook-owned messaging app posted a security advisory about the bug, named CVE-2019-11931, which affects earlier versions of the app on both Android and iOS devices.

The advisory described the issue as a "stack-based buffer overflow" that was capable of triggering dangerous code through sending a "specifically crafted MP4 file to a WhatsApp user".

Facebook did not provide specifics about what the video might look like, or if victims needed to open the MP4 file in order for the hack to be executed.

A fix has been issued but users who have not downloaded the update for the latest version of WhatsApp are still vulnerable to the hack.

A spokesperson for the company said:"WhatsApp is constantly working to improve the security of our service. We make public reports on potential issues we have fixed consistent with industry best practices.

"In this instance, there is no reason to believe that users were impacted."

Despite Facebook claiming that there is no evidence of the security flaw being exploited, it remains unclear whether any hackers attempted to target victims through the bug.

Last month, WhatsApp revealed that a "significant" number of activists and journalists were targeted with spyware reportedly developed by controversial Israeli software firm NSO Group.

Around 1,400 WhatsApp users received a message warning of the campaign and advising to update to the latest version of the app.

"In May we stopped an attack where an advanced cyber actor exploited our video calling to install malware on user devices," the message stated.

"There's a possibility this phone number was impacted, and we want to make sure you know how to keep your mobile phone secure."

Read more

WhatsApp testing ‘disappearing’ messages in new update