Technology, Top News

Google’s Project Zero thwarts another major bug in Facebook’s WhatsApp

FACEBOOK OWNED Messenger service WhatsApp has plugged a significant hole in its infrastructure in the latest in an ever growing list of privacy fails for the social network.

This new fault, discovered in late August by the team at Google Project Zero, was manifesting in the Android version of the app as well as iOS (Apple).

It allowed a video call armed with a trojan to force the app to bork and force close. It has been described by Tavis Ormandy at Project Zero as a “big deal”.

The problem was discovered by Natalie Silvanovich who spotted that video (such as a video call) could be tampered with during transit, with fake data packets being added to force the app to do unexpected things.

It’s thought that left unchecked it could be turned into a weapon was a more damaging payload endangering many of the 1.2bn worldwide users of the app.

It is not thought that the fault had been exploited at the time it was patched. Facebook described their action to fix the work as prompt:

“We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable,” said a spokesperson.

As with other Project Zero discoveries, the team started a 90-day stopwatch on first spotting it. If Facebook had not fixed it in time, the vulnerability would have been made public as a warning to the public.

Google has been criticised for its “name and shame” policy after revealing several unpatched flaws from Microsoft on the eve of a Patch Tuesday fix. However, others have applauded the initative which seems to be having a positive effect on the speed at which zero days are being tackled. μ

Source : Inquirer

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend