WhatsApp security problem leaves millions of users exposed to hackers
A “severe” security problem with WhatsApp could have left “hundreds of millions” of accounts vulnerable to hackers, according to researchers that discovered a flaw in the app.
The bug, which affected the web version of the messaging app, would have allowed people with technical knowledge to take over users’ accounts with a simple message. Clicking and opening a malicious file could have let hackers see victims’ conversations, photos, videos, contacts, shared files and more, security researchers at Check Pointsaid.
WhatsApp has now fixed the problem, which could also have been used to take over accounts belonging to victims’ friends.
“Attackers could potentially download your photos and or post them online, send messages on your behalf, demand ransom and even take over your friends’ accounts,” said the researchers.
The flaw was discovered in the end-to-end encryption WhatsApp uses. It is also used in encrypted messaging app Telegram, which has since fixed the problem as well.
Check Point alerted the companies about the issue last week. “Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients,” said Oded Vanunu, from Check Point.
Vanunu added that they hadn’t seen anyone exploiting the problem in the course of their research.
WhatsApp said: “When Check Point reported the issue, we addressed it within a day and released an update of WhatsApp for web.”
To ensure their WhatsApp accounts are safe the company said users should restart their browsers, thereby making sure the version is up to date.