WhatsApp fail let hackers steal user’s information

Facebook has discovered a critical vulnerability in WhatsApp that affects both Android and iOS devices. The fault consists on hackers sending malicious MP4 videos that allows them to steal personal information from users stored in the app.

As Facebook explains: “A buffer overflow (stack-based buffer overflow) could be triggered in WhatsApp by sending a specially crafted file to a WhatsApp user. This issue was present in the analysis of the elementary metadata of an MP4 file and can result in a DoS or RCE attack”.

In this case, the DoS attack is about the overload of the victims’ systems so that the device or their network ceases to be active, thus obtaining access to information theft. On the other hand, RCE is a computer attack where the hacker can make the victim’s device execute the code remotely while he is in charge of developing his own programming to obtain full access to the device.

This failure is generated due to a software error that occurs when a program does not adequately control the amount of data that is copied and stored in a memory designed for it.

If the amount of data destined to be stored in it exceeds its capacity, the remaining bytes are stored in adjacent memory areas, overwriting their original content, which usually belongs to data or codes stored in memory.

K.Villarroel

Source: abc