New WhatsApp Bugs Could've Let Attackers Hack Your Phone Remotely
"The two aforementioned WhatsApp vulnerabilities would have made it possible for attackers to remotely collect TLS cryptographic material for TLS 1.3 and TLS 1.2 sessions," researchers from Census Labs said today.
"With the TLS secrets at hand, we will demonstrate how a man-in-the-middle attack can lead to the compromise of WhatsApp communications, to remote code execution on the victim device and to the extraction of Noise protocol keys used for end-to-end encryption in user communications."
The cybersecurity firm said it has no knowledge of whether the vulnerabilities have been exploited in the wild, although in the past, flaws in WhatsApp have been abused to inject spyware onto target devices and snoop on journalists and human rights activists.
"We regularly work with security researchers to improve the numerous ways WhatsApp protects people's messages," a spokesperson told The Hacker News.
"We appreciate the information these researchers shared with us, which has already helped us make improvements to WhatsApp in the event an Android user visited a malicious website on Chrome. To be clear: end-to-end encryption continues to work as intended and people's messages remain safe and secure."
"There are many more subsystems in WhatsApp which might be of great interest to an attacker," Karamitas said.