WhatsApp safety gap (2018)
The problem
In 2018, Google's Project Zero discovered a serious security vulnerability in WhatsApp. A specially crafted video call could disrupt the messenger's memory management, allowing attackers to inject their own code and thus take control of the victim's smartphone. What's particularly critical: The attack could occur without the user accepting the call.
The consequences
Billions of WhatsApp users worldwide were potentially at risk. A single compromised incoming video call was enough to install malware on the device or completely compromise the smartphone. Although WhatsApp quickly released updates (Android version 2.18.302 and later, iOS version 2.18.93 and later), many users remained vulnerable because they didn't update the app regularly.
The lesson
This incident underscores the importance of regular security audits and updates, as well as proactive security testing. Manufacturers should quickly identify and close vulnerabilities and effectively inform users about necessary updates. At the same time, users should update their apps regularly and be cautious of incoming calls from unknown numbers, especially video calls.
Ready to improve your testing processes?
Leave us your email address with your request and we will arrange a free initial consultation.