Facebook's WhatsApp Buffer Overflow Weakness, Exploit Impacts 1.5B Users

TL;DR: Facebook’s WhatsApp engineers for the past few days have attempted to patch a security flaw, labeled CVE-2019-3568, impacting users of Android, iOS, Windows phones (1.5 billion users) of the popular messaging application. In what’s known as a buffer overflow weakness, this particular strain allows a hacker to run malicious code on an infected phone. Access to chat, listening-in on calls, rifling through photographs, contacts, and a user’s camera and microphone are all feasible. Cryptocurrency users often keep substantial amounts of coins on their phones in wallets, and so enthusiasts with the app are encouraged to download the latest WhatsApp version.

WhatsApp Buffer Overflow Weakness, Exploit Impacts 1.5B Users

Through popular messaging software WhatsApp, all a malicious actor need do is apparently make a voice call, and they might gain access to the recipient’s phone content rather easily, according to widely published reports. Spyware takes hold through a buffer overflow flaw, manipulating data packets to force WhatsApp into overwriting memory, handing full control to the hacker. No need to fight the app’s highly touted end-to-end encryption, in other words.

Facebook's WhatsApp Buffer Overflow Weakness, Exploit Impacts 1.5B Users

Such exploits are highly coveted especially by governments. The Financial Times reported a company spokesperson as suspecting, “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems. We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.”

Alerts about the exploit came early this month, and WhatsApp teams were dispatched to try and solve it. The number of victims isn’t at present known, and so far no cryptocurrency users have announced anything out of the ordinary. Several media outlets report Israeli company NSO Group is responsible for the surveillance software, as it is known for Pegasus, a similar program sold to government law enforcement agencies around the world. NSO has denied authorship of the WhatsApp vulnerability, however.

DISCLOSURE: The author holds cryptocurrency as part of his financial portfolio, including BCH. 

Facebook's WhatsApp Buffer Overflow Weakness, Exploit Impacts 1.5B UsersCONTINUE THE SPICE and check out our piping hot VIDEOS. Our podcast, The CoinSpice Podcast, has amazing guests. Follow CoinSpice on Twitter. Join our Telegram feed to make sure you never miss a post. Drop some BCH at the merch shop — we’ve got some spicy shirts for men and women. Don’t forget to help spread the word about CoinSpice on social media.