Researchers find bug in WhatsApp that could give hackers access to private files

WhatsApp is one of the world’s most popular apps, with over 1.5 billion active users in 180 countries.

In 2016, WhatsApp Desktop was launched and soon became one of the messaging app’s most loved features.

The feature lets people use WhatsApp on their computers by syncing their phones.

However, a bug was recently discovered in WhatsApp Desktop that meant hackers could access private files on your computer.

Cybersecurity researcher Gal Weizman from the security firm PerimeterX reported the issue to WhatsApp, which fixed it.

Mr Weizman, using his JavaScript expertise, found that those with an iPhone paired to WhatsApp Desktop could be under threat from hackers.

He found a gap in the Content Security Policy (CSP) used by WhatsApp, which let him bypass it and carry out cross-site scripting (XSS) on WhatsApp Desktop.

This meant he could gain read permissions on the local file system and access private files.

This bug could have allowed hackers to target unsuspecting WhatsApp users and trick them into clicking links filled with malware.

These message notifications would look completely normal, and this kind of attack is made possible by a simple modification of the JavaScript code.

PerimeterX said: “These weaknesses leave users vulnerable to attacks by allowing both the text content and links in website previews to be tampered with to display false content and modified links that point to malicious destinations.”

It's important to update the app both on your phone and your desktop to the most recent version.

Experts also say that you should be savvy when clicking on links.

Make sure you only open links if you've received them from a trusted source and check the link looks normal – if it looks more like code than a link, or contains the word 'JavaScript', it's very likely it's from a hacker.
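The two warning signs above (a link that contains the word 'JavaScript', and a preview whose shown address does not match where the link really goes) can also be checked in code before a preview is made clickable. The following is an added example, not code from WhatsApp or PerimeterX; the field names `href` and `shownUrl` and the sample messages are assumptions made up for illustration.

```javascript
// Added example: field names (href, shownUrl) are hypothetical, not WhatsApp's.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Parse a string as an absolute URL; return null instead of throwing.
// The URL parser lowercases the scheme and drops stray tabs/newlines,
// so "JavaScript:" and "java\tscript:" both come back as "javascript:".
function parseUrl(value) {
  try {
    return new URL(String(value).trim());
  } catch {
    return null;
  }
}

// Return the reasons a preview link should NOT be rendered as clickable.
// An empty array means both checks passed.
function checkPreviewLink({ href, shownUrl }) {
  const target = parseUrl(href);
  if (!target) {
    return ["href is not an absolute URL"];
  }
  if (!ALLOWED_SCHEMES.has(target.protocol)) {
    // Covers javascript: and any other non-web scheme.
    return [`scheme ${target.protocol} is not http(s)`];
  }
  const shown = parseUrl(shownUrl);
  if (!shown || !ALLOWED_SCHEMES.has(shown.protocol)) {
    return ["shown URL is not a valid http(s) URL"];
  }
  if (shown.hostname !== target.hostname) {
    return [`shown host ${shown.hostname} differs from target host ${target.hostname}`];
  }
  return [];
}

// Constructed sample previews (not taken from any real message).
const SAMPLES = [
  { href: "https://example.com/news/1", shownUrl: "https://example.com" },
  { href: "JavaScript:void(0)", shownUrl: "https://example.com" },
  { href: "https://login.example.net/", shownUrl: "https://example.com" },
];

// Run every sample through the check and pair it with its findings.
function auditSamples() {
  return SAMPLES.map((s) => ({ href: s.href, problems: checkPreviewLink(s) }));
}

console.log(JSON.stringify(auditSamples(), null, 2));
```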

A spokesperson for Facebook, which owns the messaging app, said: “We regularly work with leading security researchers to stay ahead of potential threats to our users.

“In this case, we fixed an issue that in theory could have impacted iPhone users that clicked on a malicious link while using WhatsApp on their desktop.

“The bug was promptly fixed and has been applied since mid December.”
