Facebook has honored a 22-year-old civil engineer in India for discovering a WhatsApp bug that violated the privacy regulations. Zonel Sougaijam, who resides in Indian state Manipur, said that he discovered a bug in WhatsApp voice call that allows the caller to switch it to a video call without the authorization of the receiver.
Sougaijam stated that he reported the issue to Facebook in a bug bounty program. He said the Facebook security team acknowledged his report and fixed the bug within 15-20 days
The social media giant awarded Sougaijam with $5000 and included his name in the ‘Facebook Hall of Fame 2019’, for detecting the WhatsApp bug.
“During a voice call through WhatsApp, the bug used to allow the caller to upgrade it to a video call without the authorization and knowledge of the receiver. The caller was then able to see what the other person was doing, violating the privacy of the receiver,” Sougaijam said in a media statement.
Recently, WhatsApp revealed that it discovered a vulnerability in its network system that allowed hackers to install spyware via an infected WhatsApp voice call. The Facebook-owned social messenger stated the spyware can exploit the mobile device, its calls, texts, and other data. It can also activate the phone’s camera, microphone, and able to perform other malicious activities. According to Facebook, the malicious spyware was developed by Israel-based cyber intelligence company NSO Group.
According to Facebook, the mobile devices with WhatsApp or WhatsApp Business installed in them are affected, including Apple’s iPhone (iOS), Android phones, Windows Phones, and Tizen devices. However, the company clarified that it’s unclear on the number of people spied on by hackers.
Earlier, a survey has discovered that answering a WhatsApp video call can compromise your smartphone. According to Natalie Silvanovich, a digital forensics expert at Google Project Zero, a security bug in the WhatsApp messenger application allows attackers to take control of the smartphone by placing a WhatsApp video call. The security flaw discovered in August 2018 affected the WhatsApp application on Android and iOS devices, but not on WhatsApp Web, the research report stated. The Facebook-owned messaging app fixed the flaw on September 28 for Android platform and October 3 for the iPhone platform after Silvanovich reported the issue to the WhatsApp team.
Also, the Indian Army issued a warning to users of WhatsApp, alleging that Chinese hackers are targeting them to extract personal data. The Army took to the microblogging site, Twitter to urge users to use WhatsApp with caution. Indian Army’s official handle, the Additional Directorate General of Public Interface (ADGPI) also posted a video that said, “Stay cautious, stay alert, stay safe! The Chinese were penetrating the digital world.”