Active Stocks
Thu Mar 28 2024 15:59:33
  1. Tata Steel share price
  2. 155.90 2.00%
  1. ICICI Bank share price
  2. 1,095.75 1.08%
  1. HDFC Bank share price
  2. 1,448.20 0.52%
  1. ITC share price
  2. 428.55 0.13%
  1. Power Grid Corporation Of India share price
  2. 277.05 2.21%
Business News/ Technology / App News/  WhatsApp worry and fallibility of a messaging app
BackBack

WhatsApp worry and fallibility of a messaging app

WhatsApp versions on Android and iOS that came after version 2.19.274 and 2.19.100, respectively, have been affected
  • Unlike last time, no users were affected by this new vulnerability, according to WhatsApp
  • WhatsApp versions on Android and iOS that came after version 2.19.274 and 2.19.100, respectively, have been affected (Reuters)Premium
    WhatsApp versions on Android and iOS that came after version 2.19.274 and 2.19.100, respectively, have been affected (Reuters)

    WhatsApp is no stranger to controversy—and it now finds itself in another one. A new vulnerability has been detected in the messaging app, which was recently given a stern warning by the government after the earlier Pegasus breach. Mint takes a look at these security issues.

    What was WhatsApp’s latest vulnerability?

    The new vulnerability allows attackers to send you an MP4 file which, when downloaded, lets them run malicious code and gain “remote access" to your smartphone. Getting remote access means an attacker can run malicious code on your phone to read texts and emails, listen to calls, use the phone’s microphones to listen to you, look at the photos and videos on your phone, monitor your location, and so on. Security researcher Ehraz Ahmed explains that the level of access to your personal files will depend entirely on the attacker. MP4 is a common file type for sending audio and video files.

    How is this different from Pegasus?

    Pegasus could be installed on your phone without your knowledge through just a missed WhatsApp video call. In the case of the new breach, a user has to manually download the MP4 file sent to them before any malicious code can be run. The problem is not with WhatsApp’s end-to-end encryption feature here. Getting remote access to your phone is the equivalent of actually holding it in one’s hand. End-to-end encryption is meant to stop attackers from stealing or snooping on chats in between. So, unless someone has access to your device, they can’t actually read your chats, even if they intercept them.

    The new vulnerability allows attackers to send you an MP4 file which, when downloaded, lets them run malicious code and gain 'remote access' to your smartphone
    View Full Image
    The new vulnerability allows attackers to send you an MP4 file which, when downloaded, lets them run malicious code and gain 'remote access' to your smartphone

    Which versions of WhatsApp were affected?

    WhatsApp versions on Android and iOS that came after version 2.19.274 and 2.19.100, respectively, have been affected. In addition, version 2.18.368 on Windows Phone, version 2.25.3 on the Enterprise client, version 2.19.104 of WhatsApp Business for Android, and version 2.19.100 for WhatsApp Business for iOS have also been affected.

    Which versions of WhatsApp were affected?

    WhatsApp versions on Android and iOS that came after version 2.19.274 and 2.19.100, respectively, have been affected. In addition, version 2.18.368 on Windows Phone, version 2.25.3 on the Enterprise client, version 2.19.104 of WhatsApp Business for Android, and version 2.19.100 for WhatsApp Business for iOS have also been affected.

    Was anyone spied on this time?

    Unlike last time, no users were affected by this new vulnerability, according to WhatsApp. That means that at least to the company’s knowledge, no one exploited this vulnerability to harm users. In the earlier attack, the Pegasus spyware made by Israeli security firm NSO Group was used against certain users, both in India and abroad, to steal their data and monitor their activities. NSO has maintained that its spyware is only sold to governments and government-approved security agencies.

    Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!

    ABOUT THE AUTHOR
    Prasid Banerjee
    An engineering dropout, Prasid Banerjee has reported on technology in India for various publications. He reports on technology through text and audio, focusing on its core aspects, like consumer impact, policy and the future.
    Catch all the Technology News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
    More Less
    Published: 21 Nov 2019, 11:23 PM IST
    Next Story footLogo
    Recommended For You
    Switch to the Mint app for fast and personalized news - Get App