Developers recently fixed a bug in Facebook’s Whatsapp mobile app that allowed hackers to take over the application when users answered incoming video calls.
The bug, which affected Whatsapp applications on both Apple and Android smartphones, was discovered at the end of August by Natalie Silvanovich, a security researcher with Google’s Project Zero security research team. It is unclear, however, how the bug was discovered, although the vulnerability was described as a “memory corruption bug,” ZDNet reported Wednesday. Fixes for the Android and iOs versions were released on September 28 and October 3, respectively.
“We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable. We promptly issued a fix to the latest version of WhatsApp to resolve this issue,” Ann Yeh, a spokesperson for WhatsApp, recently told Reuters in an email.
According to the Facebook-owned company, there has been no evidence so far of any hacks using the exploit actually being carried out in practice, although they encouraged users to update the application.
“I think the major takeaway from this WhatsApp bug, like so many others, is how people are supposed to know what software to trust. Software bugs happen even with the most talented developers and even at major companies like Facebook,” web developer and technologist Chris Garaffa told Sputnik Wednesday.
However, because WhatsApp is not an open source application, no one outside of Facebook can evaluate the technology’s source code to audit it for security issues or other bugs.
“With an open source software project, the entire source code is available for anyone to look through, essentially allowing any person with the technical ability to read, review and suggest or make changes to the program’s code,” Garaffa noted.
It is nearly impossible to guarantee that any software will be completely free of bugs or security holes, Garaffa added.
“But I am more concerned with proprietary software from a commercial entity interested in maintaining its user base and profit margins,” Garaffa continued. “This is also the case with Google, which we just learned found a major security issue with its Google+ product and failed to make a public notification for months because they were afraid of public perception and fines.”
In a blog post released Monday, Google admitted that it exposed the personal information of thousands of its Google+ social network users through a bug that was present in its software between 2015 and 2018. The bug was discovered and patched in March 2018.
Facebook shares dropped 1.8 percent on Wednesday, which is not a first for the social media giant this year. In April, Facebook fell under scrutiny after its founder and CEO Mark Zuckerberg testified before Congress about a data breach in which the consultancy firm Cambridge Analytica obtained Facebook users’ private data, which was then used to predict and influence the behavior of US voters in the 2016 elections. The company reportedly gathered information about users through a personality app developed by Alexander Kogan, a Cambridge University researcher.
WhatsApp, which is used by more than 1.2 billion people globally, was acquired by Facebook in 2014 for $19 billion. The company did not immediately respond to a request for comment.