New Delhi: If you have received an MP4 video file on WhatsApp from an unknown number, you could be a victim of a new kind of hacking which uses a recently discovered vulnerability in WhatsApp to install malicious spyware on phones.

This security vulnerability allowed a remote attacker to target phones by sending a video file in MP4 format.

When notified about the security breach, the Indian Computer Emergency Response Team (CERT) categorised the threat as "High Severity".

Pegasus-like features

Israel-based spyware maker NSO Group was in the spotlight recently for allegedly providing technology [Pegasus spyware] that used WhatsApp's video calling feature to attack users' phones.

A security message notified by WhatsApp's parent company Facebook said, "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user."

Identified as CVE-2019-11931, this vulnerability message is similar to the one received by CERT from WhatsApp during the Pegasus snooping case.

According to the communication, this weakness could allow a remote attacker to force "Denial of Services (DoS) and Remote Code Execution (RCE)" which could be used to compromise any device running Android, iOS or Windows.

An attacker could use a person's cell number to send a video file through WhatsApp and install an unwanted program on their phone by exploiting this vulnerability.

This security issue existed in both individual and business versions of the popular messaging app until the updates were rolled out in October, earlier this year.

Although the latest security patch from WhatsApp claims to have fixed this problem, WhatsApp and Facebook have not given further details about the extent of possible execution of this exploit.

This comes even as the controversy around WhatsApp snooping refuses to die down, where phones of over a dozen activists, journalists and lawyers were allegedly compromised by an Israel-made spyware.

WhatsApp has been under fire for not providing adequate information to Indian authorities about the extent of attacks during the Pegasus breach. The messaging app has sued NSO Group in a US court for violating its terms and conditions.

Government sources had earlier claimed that the information provided by WhatsApp was more "technical jargon" which didn't give much information about victims and the extent of such attacks. WhatsApp had informed users separately about a possible Pegasus attack on their devices.

Similar to the Pegasus incident, this vulnerability is also being called "a stack-based buffer overflow vulnerability".

According to CERT, "The exploitation does not require any form of authentication from the victim end and executes on downloading of malicious mp4 file on victim's system."

Courtesy: www.indiatoday.in




Kolkata, Dec 15: The advertisement, in which Chief Minister Mamata Banerjee states that NRC and citizenship law will not be implemented in West Bengal, is unconstitutional and a head of government can't use public money for such campaigns, Governor Jagdeep Dhankhar said on Sunday.

Speaking to reporters at Raj Bhavan, Dhankhar called on those in positions of power not to shirk responsibility as it is "no occasion to play politics".

"How can an elected head of a government use public money to give advertisement in national media that there will be no NRC, no CAB in state? This advertisement is unconstitutional," the governor said.

"As Constitutional head I had very gracefully invited her (CM) attention, I had urged her to withdraw it. I am sure you all will agree that public money can't be used to lead an agitation against law of the land," he added.

The governor has been at loggerheads with the Banerjee government over several issues.

Dhankhar, who described the law and order situation in the state as "unimaginable", said public property is being damaged in a wanton manner, ruthlessly and recklessly, and fear has been put in the minds of people belonging to a certain section of the society.

In an apparent reference to the chief minister, he said if there is a situation she cannot manage, she should seek assistance. "Indian Constitution allows it."

"If she thinks she needs assistance from any quarters she should indicate. We cannot let anarchy to rule," he said.

Violent protests over the amended Citizenship Act continued to rock various parts of West Bengal for the third consecutive day with several incidents of vandalism and arson being reported from different districts.

"It is not an occasion to pay lip service, it is an occasion to be on action mode," Dhankhar said, adding that there seems to be total absence of accountability in certain quarters of the state.

"Police authorities could have anticipated the situation. They should have been more pro-active more involved. Emphasis should have been more to be on action mode," the governor said.

Dhankhar further said a certain section of the society is "hounded" in the state, particularly in Malda, Murshidabad and Nadia districts.

He said it is time for the chief minister to respect the Constitution and use her state machinery in a manner that restores the confidence of people.

The governor later tweeted "A delegation led by Member of Parliament and BJP state President Dilip Ghosh submitted a representation about the serious situation in the state and called for immediate intervention.

"The situation was termed as internal disturbance and virtual collapse of rule of law", Dhankhar significantly tweeted.

In another tweet late Sunday evening, Dhankhar said he has summoned the West Bengal chief secretary and the director general of police to brief him on the situation following violent protests in the state against the amended citizenship law.

The two senior officials have been called to Raj Bhavan on Monday morning, Dhankhar wrote on his Twitter handle.