WhatsApp bug ‘could have let hackers secretly steal chat messages and pictures from victims’ smartphones’, security researchers claim
- The attack was never used on real users according to a Facebook spokesperson
- It has been fixed and newer versions of the software are immune to this attack
- It involved users downloading a video file containing malicious code infecting
- Facebook recommends users ensure they have the latest version of WhatsApp
A WhatsApp flaw that could let hackers steal users’ chat messages, pictures and private information has been uncovered by security researchers.
If left unpatched, the bug could allow hackers to remotely compromise smartphones by sending a video file containing malicious code to the victim’s WhatsApp account.
When the video file is downloaded – something that can happen automatically in the app – the malicious code infects the account and lets the hacker steal information from the device.
WhatsApp quietly released a patch for the vulnerability last month, and said there is no evidence of it being exploited by hackers to steal data.
The vulnerability affects WhatsApp on all major platforms including Android, iOS and Windows. It also affects the home and business versions of the software
‘In this instance, there is no reason to believe that users were impacted’, a WhatsApp spokesperson told HackerNews.
In order for hackers to exploit the bug, the video file would need to be downloaded to the device via WhatsApp.
It would then create a ‘backdoor’ into the app, which hackers could use to access the data remotely.
The vulnerability affects WhatsApp on all major platforms including Android, iOS and Windows. It also affects the home and business versions of the software.
Facebook, which owns WhatsApp, has urged users to ensure they have the latest version of the app running on their device, and to disable automatic downloads of image and video files.
The vulnerability within the app would have allowed a hacker to send an MP4 file – a type of video format – to a WhatsApp phone number and use malicious code hidden in the video file to access the users information
‘WhatsApp is constantly working to improve the security of our service,’ a spokesperson said.
‘We make public reports on potential issues we have fixed consistent with industry best practices.’
This isn’t the first time the messaging app has suffered from vulnerabilities that could lead to users’ data being stolen.
In August cyber security experts at Check Point Research revealed a flaw that would let hackers change messages sent to users.
They could even make it look as if the sender said something they didn’t say, by putting a different name above the comments made.
