# Voice message from infected phone



## lf1 (Aug 24, 2018)

If someone sends a WhatsApp voice note from an infected phone (or computer using WhatsApp web), can the voice note harm someone else's device by opening and listening to it?


----------



## lf1 (Aug 24, 2018)

And what about other messaging apps that allow sending voice notes?


----------



## AmyToo (Sep 22, 2017)

I use WhatsApp, but I don't know what a "voice note" is.


----------



## lf1 (Aug 24, 2018)

AmyToo said:


> I use WhatsApp, but I don't know what a "voice note" is.


Read about a voice message here.


----------



## lunarlander (Sep 22, 2007)

That depends if the app/program doing the listening has a security vulnerability specifically for playing back audio. If the attacker knows that you use a particular app/program to play back the audio message, and it is vulnerable, then she can craft a special vioce message that will infect your machine thru the playback app/program. Don't shrug it off - hackers know security vulnerabilities Very Well.


----------



## lf1 (Aug 24, 2018)

lunarlander said:


> That depends if the app/program doing the listening has a security vulnerability specifically for playing back audio. If the attacker knows that you use a particular app/program to play back the audio message, and it is vulnerable, then she can craft a special vioce message that will infect your machine thru the playback app/program. Don't shrug it off - hackers know security vulnerabilities Very Well.


I'm asking about a scenario where someone innocently sends a voice message. It's just that the device it's being sent from is already infected.


----------



## AmyToo (Sep 22, 2017)

Ok. Voice message. I don't know how that would be a security risk in WhatsApp.


----------



## lunarlander (Sep 22, 2007)

Just recently, Andriods have a security vulnerability in which whenever a hacker sends a SMS text with a crafted image, it would infect the Andriod and she can install monitoring software unbeknown to the owner. The messages app doesn't even need to be open, when the SMS message is received, it is processed by messenger in the backgound, and that processing algorithm has a bug, and the hackers exploited it. The crux of it is that images and voice are globs of data that cannot be validated, the program receiving it has no means to verify if that glob is legal. So the hackers embeded their evil program in the glob and you get infected.


----------



## AmyToo (Sep 22, 2017)

lunarlander said:


> Just recently, Andriods have a security vulnerability in which whenever a hacker sends a SMS text with a crafted image, it would infect the Andriod and she can install monitoring software unbeknown to the owner. The messages app doesn't even need to be open, when the SMS message is received, it is processed by messenger in the backgound, and that processing algorithm has a bug, and the hackers exploited it. The crux of it is that images and voice are globs of data that cannot be validated, the program receiving it has no means to verify if that glob is legal. So the hackers embeded their evil program in the glob and you get infected.


Do you have a source for this info?


----------



## lunarlander (Sep 22, 2007)

Here you go: https://en.wikipedia.org/wiki/Stagefright_(bug)


----------

