CERT-In, India's cyber security agency, has cautioned WhatsApp users about certain vulnerabilities detected in the popular instant messaging app that could lead to breach of sensitive information.
WhatsApp vulnerability warning
The Indian Computer Emergency Response Team, or CERT-In, issued a high severity rating advisory for WhatsApp after discovering how easy it is to hack the app.
According to the agency, the vulnerability has been detected in WhatsApp's software, specifically for WhatsApp Business for both Android and iOS.
CERT-In is the national technology arm that fights cyber attacks and guards cyberspace in India.
The advisory stated that multiple vulnerabilities have been reported in WhatsApp applications, which could allow a remote attacker to execute arbitrary code or access the user's sensitive information on a targeted system.
The agency described the risk in detail and added that these vulnerabilities exist in WhatsApp applications because of a cache configuration issue and a missing bounds check within the audio decoding pipeline, News18 reported.
Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code or even access the user's sensitive information on a targeted system.
The advisory added that WhatsApp users should update to the latest version of WhatsApp from the Google Play Store or iOS App Store to counter the vulnerability threat.
Just recently, a warning was issued about a WhatsApp hack that could block users from their own account. The hack was revealed by Luis Marquez Carpintero and Ernesto Canales Perena, who talked to Forbes about how it works.
The two researchers revealed that the hacker installs WhatsApp and attempts to join using the user's phone number. The user will then receive the text message with the six-digit code to verify the number, even though it is not the user who requested it.
As the hacker keeps guessing with incorrect codes and repeatedly requesting new ones, the hacker will block the account. It will be 12 hours before any new codes can be sent.
While all this is happening, the user is the one getting the codes on their phone, but since they can't do anything with them, the user usually ignores them.
This does not cause a problem unless the user uninstalls the app and reinstalls it. The hacker will then register a new email address and send an email to WhatsApp customer service, requesting account deactivation due to a lost or stolen number. The hacker will include the user's phone number.
Without the user's knowledge, the account will be deactivated. Users will be stuck in the 12-hour block that the hacker caused, and the user will not be able to request a new verifying pin.
According to ESET's Jake Moore, this is a worrying hack that could impact millions of WhatsApp users who could be targeted with this attack.
A WhatsApp spokesperson stated that providing an email address with a two-step verification helps the customer service team assist people should they ever encounter this issue.
The circumstance identified by the researchers would violate the app's terms of service, and WhatsApp encourages anyone who needs help to email the support team so they can investigate.
Written by Sieeka Khan