If your WhatsApp settings allow media files to be automatically saved to your device, there is a possibility that your device might be infected with malware.
Even as the controversy over Pegasus, Israeli spyware that was reportedly used to spy on Indian users, rages on, the Maharashtra Cyber police on Monday issued an advisory about another vulnerability in WhatsApp, which was discovered by Facebook four days ago. According to the advisory, the malware exploits the instant messaging app by triggering a stack-based buffer overflow in its memory. Cyber police officers said every app has a core memory to hold incoming data and a buffer memory in case the incoming data overflows from the core memory.
“The malware is disguised as an MP4 media file and triggers a memory overflow to the buffer memory, which causes the app to lose control over itself for a short period. During this window, taking advantage of the disorientation, the malware embeds itself into the device,” an officer said.
The officer said once the malware infects a device, it can use it for any purpose, including a denial of service (DoS) attack or remote code execution (RCE).
A DoS attack involves pinging a single server from a large number of infected devices, causing the server to get overburdened and crash. Targets for DoS attacks could be cellular or internet service providers, transport services or any other essential services. A crash in their servers could have a devastating domino effect on the working of a larger institution or system, like a country, depending on the scope of the attack.
An RCE, on the other hand, is an attack where pre-written code is embedded into the device and can be executed without the perpetrator ever touching the device in question. The code can be written to do anything, from turning the device’s camera on to trigger surveillance to gaining access to sensitive details of the device user’s financial transactions.
“What makes the discovery of this vulnerability all the more concerning is that we currently have no idea how many times it has already been exploited before it was discovered, and for what purposes. It is also possible that it was being exploited to be used as a zero-day attack at a later date,” the officer said.
A zero-day attack is one where a pre-discovered vulnerability is exploited to embed malware with a specific function in a large number of devices, with the function programmed to be triggered on all the devices at a specific day and time.
“Users are advised to turn off their auto-download option for media files and also not download any MP4 files from an unknown source. WhatsApp has released a patch for the vulnerability on all platforms, and users are advised to install it at the earliest,” Superintendent of Police Balsing Rajput, Maharashtra Cyber, said.