Another Pegasus-like spyware found targeting WhatsApp with MP4 files
New Delhi: If you have received an MP4 video file on WhatsApp from an unknown number, you could be a victim of a new kind of hacking which uses a recently discovered vulnerability of WhatsApp to install malicious spywares in phones.
This security vulnerability allowed a remote attacker to target phones by sending a video file in MP4 format.
When notified about the security breach, the Indian Computer Emergency Response Team (CERT) categorised the threat under "High Severity" category.
Pegasus-like features
Israel-based spyware maker NSO Group was under spotlight recently for allegedly providing technology [Pegasus spyware] that used WhatsApp's video calling feature to attack user's phones.
A security message notified by WhatsApp's parent company Facebook said, "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user."
Identified as CVE-2019-11931, this vulnerability message is similar to the one received by CERT from WhatsApp during the Pegasus snooping case.
According to the communication, this weakness could allow a remote attacker to force "Denial of Services (DoS) and Remote Code Execution (RCE)" which could be used to compromise any device running Android, iOS or Windows.
An attacker could use a person's cell number to send a video file through WhatsApp and install an unwanted program in their phones exploiting such vulnerability.
This security issue exists on both individual and business versions of the popular messaging app until the updates were rolled out in October earlier this year.
Although the latest security patch from WhatsApp claims to have fixed this problem, WhatsApp and Facebook have not given further details about the extent of possible execution of this exploit.
This comes even as the controversy around WhatsApp snooping refuses to die down, where phones of over a dozen activists, journalists and lawyers were allegedly compromised by an Israel-made spyware.
WhatsApp has been under fire for not providing adequate information to Indian authorities about the extent of attacks during Pegasus breach. The messaging app has sued NSO Group in a US court for violating its terms and conditions.
Government sources had earlier claimed that the information provided by WhatsApp is more of a "technical jargon" which didn't give much information about victims and extent of such attacks. WhatsApp had informed users separately about possible Pegasus attack on their devices.
Similar to the Pegasus incident, this vulnerability is also being called "a stack-based buffer overflow vulnerability".
According to CERT, "The exploitation does not require any form of authentication from the victim end and executes on downloading of malicious mp4 file on victims system."
Courtesy: www.indiatoday.in
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
SIR in Gujarat: More than 17 lakh deceased voters found on electoral rolls
Ahmedabad (PTI): The ongoing Special Intensive Revision (SIR) of the electoral rolls in Gujarat has revealed that more than 17 lakh deceased voters were still included in the existing voter list across the state, a release by the office of the Chief Electoral Officer (CEO) has stated.
According to the release issued on Thursday, the SIR exercise started in Gujarat on November 4 with booth-level officers (BLOs) distributing enumeration forms in their designated areas.
The campaign will continue till December 11.
"In the last one month, enumeration forms have been distributed to more than five crore voters registered in the 2025 electoral roll. In most of the 33 districts, 100 per cent of the distribution has been completed. Work on digitising the returned forms is currently underway. So far, the digitisation work has been completed in 12 out of 182 assembly constituencies," it said.
These include Dhanera and Tharad of Banaskantha district, Limkheda and Dahod (ST) of Dahod district, Bayad of Aravalli district, Dhoraji, Jasdan and Gondal of Rajkot district, Keshod of Junagadh district, Mehmadabad of Kheda district, Khambhat of Anand district and Jalalpore of Navsari district.
Dang district is at the forefront in this work with 94.35 per cent digitisation of the counting forms, said the release.
"During this exercise, it was revealed that 17 lakh deceased voters were still included in the electoral roll across the state. More than 6.14 lakh voters were found absent from their addresses. It has been noticed that more than 30 lakh voters have permanently migrated," the release said.
BLOs found more than 3.25 lakh voters in the "repeated" category, which means that their names figured at more than one place, the release stated.
