How the Attack Worked
This is a particularly scary attack, as there’s not much the user can do to combat this bar uninstalling the app. There are no links to click or websites to visit; the hacker simply calls the victim’s WhatsApp number, and it injects the malware payload after the call has been received. This attack used what’s called a “buffer overflow” to get into people’s apps. Buffer overflow attacks are when hackers cause malicious code to “leak” into the source code of the software they want to attack. Software and apps have a buffer within that can be used to input things. If the software isn’t careful with how it handles the buffer, a hacker can ask the software to write data that’s larger than the buffer size. The end result is that the malicious code “leaks” into the source code, at which point the hacker can modify the software and make it do as they please. Of course, when a WhatsApp user receives a call, the app needs to know what the user wants to do with it. Therefore, it uses the buffer to store the action the user wants to take, such as answering the call or hanging up. In this window of opportunity, the hacker could stuff code into the buffer and cause it to overflow into the app’s code, then use this foothold to steal data.
How Do These Attacks Happen in the First Place?
Buffer overflow attacks happen when a software programmer doesn’t double-check to ensure that user input can’t overflow the buffer. Typically, programmers tell the software not to accept data entries that are too large. For example, if an app asks a user for a name, and there’s only room for ten characters, it has to double-check the input to ensure it doesn’t contain eleven or more letters. If they don’t, they run the risk of people exploiting this flaw to cause a buffer overflow. Buffer overflows crash the software at best and create a hole for exploitation at worst. As such, it’s important that programmers tell their apps to look out for erroneous entries and deny any incorrect inputs before they go on the buffer.
How Can You Protect Yourself?
Hopefully, by the time you’ve read this article, you’re already safe from this attack! As soon as the news broke about this exploit, WhatsApp pushed out an update to fix it. If you haven’t done an app update in a while, it’s worth telling your phone to double-check and ensure it has the latest version of WhatsApp installed. Once installed, you’ll be safe from this attack and need not worry about missed calls again! But what if you’re unsure whether your WhatsApp has been updated? It’s worth double-checking your WhatsApp version to check if it’s updated. Facebook mentioned the affected versions in its alert: To check your WhatsApp version, boot up the app, tap the three dots at the top right, tap Settings, Help, and then App Info. You’ll see your version number on the resulting page. If you are running a vulnerable version, and your app isn’t updating itself, this is a severe problem. WhatsApp currently does not support disabling phone calls, so the absolute best way to ensure you don’t get infected is to uninstall the app entirely until the updated app hits your app store.
Hanging Up on WhatsApp Malware
A recent exploit of WhatsApp saw hackers taking advantage of a buffer overflow to attack people’s apps. Thankfully, all you need to do right now is update the app to fix this glaring fault. Does this hack make you more wary of using messenger apps for sensitive communications? Let us know below.
