Cyber Week Sale! 50% Off All Access

Is It Safe For You To Use WhatsApp? CERT-In has alerted users about a new vulnerability where hackers can attack the messaging platform using MP4 files

By Shreya Ganguly

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Shutterstock.com

While WhatsApp is caught up amid controversies, the Facebook-owned messaging app has landed itself in trouble again. Ministry of Electronics and IT (MeitY) run the Indian Computer Emergency Response Team (CERT-In) has alerted users about a new vulnerability. According to CERT-in, hackers can attack the messaging platform using MP4 files.

According to the official note, this vulnerability does not require any form of authentication from the victim and thus affects the system when the maliciously crafted file is downloaded by the user. "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a Denial of Service (DoS) or Remote Code Execution (RCE)," the note said.

For the uninitiated, according to reports, RCE is a situation where the hacker can get access to someone else's computing device and make changes no matter where the device is geographically located.

CERT-In also said that the vulnerability can affect people using android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100. The national nodal agency has also advised the users to update their WhatsApp application and update it to the latest version.

In response to CERT-In's alert, WhatsApp spokesperson said, "WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistent with industry best practices. In this instance, there is no reason to believe users were impacted."

Is WhatsApp Safe?

The Facebook-owned messaging app has been making the headlines for the past few weeks due to privacy and data breach-related issues. In the latest privacy-related controversy, reports revealed that spyware "Pegasus' snooped into the phones of 1,400 people across the world earlier this year through WhatsApp. The Facebook-owned messaging platform had filed a case against Israel-based surveillance firm NSO Group in the federal court, accusing them of allegedly being involved in the breach.

According to WhatsApp, the company came across the cyber attack in May this year where its video calling feature was being compromised to send malware to users. According to media reports, through this attack, NSO helped the government spies get access to the phones of 1,400 users across four continents. The targets were mainly diplomats, political dissidents, journalists and senior government officials. "This attack was developed to access messages after they were decrypted on an infected device, abusing in-app vulnerabilities and the operating systems that power our mobile phones," WhatsApp said in a statement.

Following this issue, it was reported that the Indian government planned to meet with Reserve Bank of India (RBI) and the National Payments Corporation of India (NPCI) about the risks of allowing social media companies to offer online payment services. Keeping the risks in mind, the central bank asked NPCI to not allow a full-scale launch of WhatsApp Payments in India and also told the Supreme Court that the company is not compliant with data localisation norms.

Tussle In India

The messaging company has been locking horns with the Indian authorities since last year over launch of WhatsApp Payments and solving the issue of spread of fake news.

The central government has pulled up the Facebook-owned company after a fake news about kidnapping caused "unfortunate killings" in the country. Following several such incidences, MeitY has asked the company to devise a solution to trace the originator of the fake message. However, the company declined the request stating that this would require them to break its encryption feature.

In response, IIT Madras professor V Kamakoti, who serves on the board of National Security Advisory Board (NSAB) proposed ways to ensure traceability without breaking encryption. According to Prof Kamakoti, WhatsApp can embed information about the originator of a text along with the encrypted message. Such information will be encrypted but can be shown to law enforcement if the situation demanded.

According to a report by MediaNama, Dr Manoj Prabhakaran, a computer science professor at IIT Bombay said that Kamakoti's proposal might affect users' privacy. Prabhakaran who submitted his analysis on behalf of Internet Freedom Foundation (IFF) to the Madras High Court belives that traceability might not be an effective tool to combat fake news. He highlighted that one may hire several thousand people to serve as originators of content, thus the main brain behind this might remain untraceable.

Shreya Ganguly

Former Features Writer

Leadership

How to Master the Art of Delegation — Lessons From Andrew Carnegie's Legacy

Here's what Andrew Carnegie can teach today's entrepreneurs about leadership, teamwork and effective delegation.

Business News

Google CEO Sundar Pichai Says 'You'll Be Surprised' By How Google Search Changes Next Year

AI has already changed the look of search, but Google's CEO says there are more changes to come.

Business News

'This Is Nuts': TikTok Just Got Closer to Being Banned in the U.S — Here's Why

The TikTok ban could go into effect one day before the inauguration of President-elect Donald Trump.

Science & Technology

You Have 1 Month Left to Prepare for These 5 AI-Powered Marketing Changes — Act Now Before It's Too Late.

Big changes in 2025 will redefine marketing as AI evolves rapidly, offering growth opportunities but also risks. Learn how to stay ahead in this week's video, covering new search platforms and avoiding over-automation.

Growing a Business

This Breakthrough Technology is Poised to Accelerate Your Company's Growth

Discover a breakthrough technology stacked on top of generative AI, now poised to revolutionize businesses across nearly every sector. Unlock unprecedented growth and profitability potential, achieving levels once thought unattainable.