Home
WhatsApp zero-day attack: even an answered call can lead to phone hack

WhatsApp zero-day attack: even an answered call can lead to phone hack

Web Desk
Nov 13, 2025

The Indian government has introduced strict new cybersecurity rules, under which WhatsApp and all other messaging apps will no longer work without an active SIM card. According to foreign media, under the Cybersecurity Rules 2025, platforms including WhatsApp, Telegram, Signal and Snapchat must remain linked to a functioning SIM at all times. If the SIM in a user’s phone becomes inactive, is removed, or replaced, the app will immediately stop working. The government has given messaging platforms 90 days to comply with the new regulations. Under the updated system, users will also be logged out every six hours and will have to scan a QR code to log back in. Officials say the move aims to curb cybercrime, as many scammers use blocked or inactive SIM cards from abroad to commit fraud in India, making them difficult to trace. The decision has sparked debate among experts. Some say it is an important step toward improving traceability, while others argue it will not be enough. Critics point out that new SIM cards can still be obtained using fake or borrowed identities, meaning SIM-binding alone cannot completely stop fraud. Questions are also being raised about the accuracy of India’s telecom subscriber database, as identity fraud remained widespread in 2023 despite video-KYC and biometric verification.

ABU DHABI: The Cybersecurity Council of the United Arab Emirates (UAE) has issued a high-level warning about a dangerous zero-day attack vulnerability discovered in WhatsApp that allows hackers to gain full access to a user’s phone with just one call, even if the call is not answered.

Cybersecurity experts have cautioned that the flaw could enable attackers to steal chats, photos, and personal data, posing a serious privacy and security threat to millions of users.

The attack reportedly works by exploiting a weakness in the app’s call-handling system, making it possible for malicious actors to compromise devices simply by placing a WhatsApp call from an unknown number.

SECURITY GUIDELINES FOR USERS

The UAE Cybersecurity Council has advised users to take immediate precautions, including:

Blocking calls from unknown numbers.
Avoiding suspicious links or messages.
Updating WhatsApp to the latest available version.
Enabling two-step verification within the app.
Relying only on official sources for security information.

Officials have also urged employees in government agencies and sensitive sectors to enhance their mobile security settings and refrain from conducting confidential communications on personal devices.

According to reports, WhatsApp’s security team is actively working to patch the vulnerability. However, authorities warn that until a fix is fully rolled out, users remain at risk, and vigilance is essential.

The UAE’s cybersecurity authorities have reiterated that users should stay alert and act swiftly to protect their data, as even a single missed call could be enough to compromise their phones.