New Delhi: If you have received an MP4 video file on WhatsApp from an unknown number, you could be a victim of a new kind of hacking which uses a recently discovered vulnerability of WhatsApp to install malicious spywares in phones.
This security vulnerability allowed a remote attacker to target phones by sending a video file in MP4 format.
When notified about the security breach, the Indian Computer Emergency Response Team (CERT) categorised the threat under "High Severity" category.
Israel-based spyware maker NSO Group was under spotlight recently for allegedly providing technology [Pegasus spyware] that used WhatsApp's video calling feature to attack user's phones.
A security message notified by WhatsApp's parent company Facebook said, "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user."
Identified as CVE-2019-11931, this vulnerability message is similar to the one received by CERT from WhatsApp during the Pegasus snooping case.
According to the communication, this weakness could allow a remote attacker to force "Denial of Services (DoS) and Remote Code Execution (RCE)" which could be used to compromise any device running Android, iOS or Windows.
An attacker could use a person's cell number to send a video file through WhatsApp and install an unwanted program in their phones exploiting such vulnerability.
This security issue exists on both individual and business versions of the popular messaging app until the updates were rolled out in October earlier this year.
Although the latest security patch from WhatsApp claims to have fixed this problem, WhatsApp and Facebook have not given further details about the extent of possible execution of this exploit.
This comes even as the controversy around WhatsApp snooping refuses to die down, where phones of over a dozen activists, journalists and lawyers were allegedly compromised by an Israel-made spyware.
WhatsApp has been under fire for not providing adequate information to Indian authorities about the extent of attacks during Pegasus breach. The messaging app has sued NSO Group in a US court for violating its terms and conditions.
Government sources had earlier claimed that the information provided by WhatsApp is more of a "technical jargon" which didn't give much information about victims and extent of such attacks. WhatsApp had informed users separately about possible Pegasus attack on their devices.
Similar to the Pegasus incident, this vulnerability is also being called "a stack-based buffer overflow vulnerability".
According to CERT, "The exploitation does not require any form of authentication from the victim end and executes on downloading of malicious mp4 file on victims system."
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
Melbourne: Shafali Verma's 34-ball 46 followed by a superlative performance from the bowlers helped India notch up a narrow four-run win over New Zealand in a crucial group A match of the ICC Women's T20 World Cup here on Thursday.
Invited to bat, India posted a below-par 133 for eight against New Zealand in the crucial group A match with Shafali top-scoring with a 34-ball 46 and Taniya Bhatia chipping in with a 25-ball 23.
India, however, produced a disciplined performance with the ball to restrict New Zealand to 129 for six and register their third successive win in the tournament.
With this win, India topped Group A, having beaten Australia and Bangladesh in their last two outing.
Defending the total, India introduced spin straight away but Deepti Sharma bled 12 runs with opener Rachel Priest (12) hitting her for two boundaries.
But experienced pacer Shikha Pandey removed Priest in the next over when she had her caught at mid wicket. With Shikha and left-arm spinner Rajeshwari Gayakwad bowling in tandem, New Zealand played with caution to reach 28 for one.
Back into the attack, Deepti then cleaned up Bates with a beauty of a delivery as New Zealand slipped to 30 for two.
Poonam Yadav and Radha Yadav then mounted the pressure on the Kiwis and soon the Black Caps were 34 for 3 when the former dismissed skipper Sophie Devine (14).
Maddy Green (24) and Katey Martin (25) then tried to resurrect the innings with a 36-ball 43-run stand. However, Gayakwad returned to remove Green, who danced down the pitch only to end up with an outside edge as Bhatia did the rest.
Radha then dismissed Martin to leave New Zealand at 90 for 5 in 16.3 overs.
Needing 44 off 21 balls, Kerr (34) blasted four boundaries to accumulate 18 runs in the penultimate over bowled by Poonam to bring the equation down to 16 off six balls.
In the final over, Heyley Jensen (11) and Kerr cracked a four each but Shikha held her nerves in the end to complete the win.
Earlier, 16-year-old Shafali provided the fireworks as India scored 49 for one in the powerplay overs. But they lost six wickets for 43 runs to squander the good start.
Smriti Mandhana (11), who returned to the playing XI after missing the last match due to illness, departed early but Shafali and Taniya (23) kept the scoreboard ticking, adding 51 runs for the second wicket.
In the 10th over, Taniya was caught by Amelia Kerr at backward point, while Jemimah Rodrigues (10) was caught by Kerr in the 12th over as India slipped to 80 for 3.
Skipper Harmanpreet Kaur's (1) poor form also continued as she was soon back to the hut after being caught and bowled by Leigh Kasperek.
Shafali, who was dropped at long-on in the 8th over and at mid-wicket in the 10th over, then holed out to Jensen at deep extra cover. She had four hits to the fence and three maximum shots in her innings.
Left-handed batter Deepti Sharma (8) and Veda Krishnamurthy (6) brought up the 100 in the 15th over but both departed soon as India slumped to 104 for 6.
Radha Yadav then blasted 14 off nine balls, which included a six in the final over, to give some respectability to the total.
India women: 133 for 8 in 20 overs (Shafali Verma 46; Amelia Kerr 2/21).
New Zealand women: 129 for six in 20 overs (Amelia Kerr 34 not out; Shikha Pandey 1/21).