WhatsApp bug lets hackers take over your app simply by calling you. Here’s how to prevent it.
WhatsApp announced Tuesday it had resolved an issue wherein an unsuspecting WhatsApp user could forfeit control of their app to a hacker at the other end of an answered phone call.
According to a report from the Register, the vulnerability was discovered in August by Natalie Silvanovich, a researcher on Google’s Project Zero security team.
“This issue can occur when a WhatsApp user accepts a call from a malicious peer,” Silvanovich said in her report on the issue. “It affects both the Android and iPhone clients.”
It’s unclear whether the problem afflicts WhatsApp users on Mac or PC.
Other notable names in the security research space, like Tavis Ormandy, have pointed out the severity of this kind of hack.
How to make sure this doesn’t happen to you
According to the Register, WhatsApp users on mobile can protect themselves from the flaw by updating to the app’s latest version, in which the bug has been patched. The latest version of WhatsApp is available for both iOS and Android.
Silvanovich held off on making the vulnerability public knowledge until a fix was available, the Register reported. Now that word has gotten out about the gap in security, however, it’s even more crucial that users grab the latest version. According to ZDNet, the chat app worked quickly to address this bug.
“WhatsApp cares deeply about the security of our users,” a WhatsApp spokesperson told ZDNet. “We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable. We promptly issued a fix to the latest version of WhatsApp to resolve this issue.”
The messenger app told ZDNet it found no instance where this hack was actually carried out.
The Facebook-owned company was able to resolve the issue a couple of months after researchers uncovered it. Facebook itself recently resolved its own hacker woes: a bug in its code allowed hackers to take control of more than 50 million Facebook accounts, an incident the company solved by logging out the impacted users.