Skip to main content

WhatsApp flaw could have let hackers take control of a phone via an MP4 file

Have you received a strange MP4 file on WhatsApp recently? It’s probably best to avoid downloading it — at least until you update to the latest version. WhatsApp recently fixed a vulnerability that could have allowed hackers to send a specially coded MP4 file, and then remotely take control of a phone and access the messages and files stored on that device.

The flaw is known as CVE-2019-11931, and it affected Android devices with WhatsApp versions before 2.19.274, and iPhones with WhatsApp versions before 2.19.100. Currently, there doesn’t seem to be any indication that the flaw was actually exploited. Facebook, which owns WhatsApp, says the issue was discovered internally — not through any known attacks or a third-party security researcher.

Related Videos

“WhatsApp is constantly working to improve the security of our service. We make public reports on potential issues we have fixed consistent with industry best practices,” said a Facebook spokesperson in a statement to The Hacker News. “In this instance, there is no reason to believe that users were impacted.”

There isn’t much extra information about the vulnerability or how it works, but as long as users update to the latest version of WhatsApp, they shouldn’t have any issues.

Recently, WhatsApp sued Israeli mobile surveillance company NSO Group over an exploit that was used to attack hundreds of different phones. These included the likes of human rights defenders, journalists, and more. This particular attack disguised malicious code as call settings, and allowed the attackers to deliver code to phones as if it came from WhatsApp’s servers. Once the initial code was delivered, attackers were able to inject more malicious code into a device’s memory. In total, 1,400 devices were affected.

In general, it’s recommended to ensure that all your apps are kept up to date, so as to make sure that any security issues are patched. There are other things you can do to ensure that your phone remains uncompromised. For example, if you have an Android phone, you can make sure to only download apps from the Google Play Store. It’s also important to always make sure that your version of Android or iOS is the latest version — especially considering the fact that security vulnerabilities often exist in the operating system.

Editors' Recommendations

WhatsApp Web gets a browser extension to beef up security
An illustration of WhatsApp web linked to phones.

WhatsApp on the Web is a convenient way to access the messaging service on a desktop, without the hassle of installing an app. However, with the web, there’s always a risk of bad actors trying to trick users. With that in mind, WhatsApp is now offering a browser extension that verifies if users are on the authentic web version, or if they are on a tampered page that can steal data and install malware among other evil deeds.
How to use it
The process of using the browser extension-based security system is easy. Just go to the Chrome web store and search for Code Verify, hit the blue Add to Chrome button, and you’re good to go. As of now, Code Verify only works on Chrome, Edge, and Mozilla Firefox, but a version tailored for Safari is also in the development phase.

Once the browser extension has been installed and pinned to the toolbar, it will start doing its code verification job automatically every time users visit the WhatsApp Web page. And to inform users about the activity status, a color-code indicator system has been put in place. A green icon means everything is fine and there are no security risks.

Read more
WhatsApp backups may soon count against Google Drive storage
Person texting on a smartphone using WhatsApp.

New evidence found in a beta build of WhatsApp for Android suggests that Google may no longer be offering unlimited storage for WhatsApp backups.

This probably shouldn’t come as a big surprise, as Google has gradually been clamping down on its unlimited storage offerings. For years, Google offered storage allotments for Google Drive customers that ranged from generous to downright unlimited, but the search giant has slowly been walking that back lately.

Read more
What is WhatsApp?

Launched in 2009, WhatsApp is a free, multi-platform messaging app that lets users make video and voice calls, send text messages, share their status, and more with just a Wi-Fi connection. Part of what makes this app appealing is that it works on various phone and computer operating systems, so you can continue your conversation anytime, anywhere. It can also take advantage of Wi-Fi and cellular data to make one-on-one or group calls, reducing the need for expensive calling charges. If this sounds exciting so far, keep reading to find out everything you need to know about WhatsApp.

Free international calls
WhatsApp uses your phone's cellular or Wi-Fi connection to facilitate messaging and voice calling to nearly anyone on the planet, alone or in a group, and is especially nice for families and small collaborative workgroups. The app lets you make calls, send and receive messages, and share documents, photos, and videos. WhatsApp is completely free -- with no fees or subscriptions -- because it uses your phone's 5G, 4G, 3G, 2G, EDGE, or Wi-Fi connection instead of your cell plan's voice minutes or text plan. If you’re connected via Wi-Fi, it won’t eat into your data plan, either.

Read more