A bug in WhatsApp allowed hackers to hijack your account when you made video calls

October 11, 2018

Everyone loves using WhatsApp. It’s free and easy to use. That’s probably why over one billion people use the app every day to talk to their friends and family.

However, recently Google security researcher Natalie Silvanovich found a flaw in WhatsApp’s security that allowed hackers to hijack the app and ultimately your account when a user answer an incoming video call.

How the flaw worked

The attackers could hack the app by sending a malformed Real-time Transport Protocol packet. The RTP would corrupt the app’s heap memory and open it to attacks.

Related: WhatsApp introduces picture-in-picture mode for Android

The flaw affected both Android and iOS users. People who used WhatsApp Web for video calling weren’t affected, since the browser-based client relies on the WebRTC protocol.

Security patch

Silvanovich found the bug in late August and WhatsApp fixed the bug for Android users on September 28. It release the patch for iOS on October 3.