If you haven’t updated your Whatsapp app in the last few days, do it NOW. Go to your app store and update it to the latest version before you start reading this article.
User information security and privacy are blazing topics under discussion nowadays. Facebook’s scandalous scandal with Cambridge Analytica, increasing amounts of bills passed dictating what information can and can’t be shared by tech companies, numerous data breaches happening frequently… there are too many to even count. However, they all seem to be pointing at a major flaw that we have let happen. There’s an overlap between our real lives and the amount of control that we have handed to digital services. And that looks like a tasty treat from the eyes of malicious people.
This time, it’s Whatsapp that is under the guillotine. A recent bug discovered on the Whatsapp mobile application might let hackers spy on users just by sending mp4 videos. This vulnerability, dubbed CVE-2019-11931, allows for a stack-based buffer overflow to be triggered, potentially opening backdoors and allowing the execution of numerous exploits which can and will compromise your security and allow unauthorized surveillance.
Whoa, slow down tiger, I hear you say. Vulner-a-what? What is it, and how does it affect me? – you ask.
Vulnerabilities and exploits:
Wikipedia defines vulnerability as a state of being exposed to the possibility of being harmed. Think of it this way- you have a house you want to secure. So, an open door, window or leaving the keys in unsafe places will be a vulnerability for you. Exploits are the attacks that make use of vulnerabilities. In our example, the open door will be a vulnerability and the burglar tip-toeing inside to rob it will be an exploit. Who knows, maybe the burglar might just snoop in to check stuff out and leave the place unharmed. In any case, leaving vulnerabilities is just unnecessary risk which can have pretty bad consequences.
This Whatsapp vulnerability is classified as one of ‘Critical’ severity, meaning that the exploitation of it could lead to major consequences. Exploits that make use of this vulnerability have the power to steal files, execute remote attacks for malicious hackers and steal your online identity.
But this doesn’t mean that users are completely powerless to stop such attacks. The folks over at Whatsapp have patched the flaw in the latest versions. As a result, versions after 2.19.274 for Android and 2.19.100 for iOS users are safe. In other words, users can avoid being targeted for this vulnerability by simply updating the app to the latest version.
The current environment is one where the rat-race between the bad guys and the good ones is speeding up and each party is trying to one-up each other. So, it’s best for us users to stay protected. Something as simple as going over what permissions you’re handing out to a fishy app or updating your applications regularly can help protect you from the vast world of security compromises.
After all, it’s better to be safe than to be sorry.