WhatsApp Security Flaw Places 200m Users At Risk

  • Thursday, September 10th, 2015
  • Author: Tim Maytom
  • Share this article:

WhatsApp-WebA bug discovered in the WhatsApp web extension has placed millions of users at risk of having hackers take remote control of their computer using little more than their phone number, a security firm has warned.

The flaw affects the web-based version of the app, which was rolled out to iPhone users last month after being made available to Android, BlackBerry and Windows users earlier this year.

According to security firm Check Point, a vulnerability in the code could compromise computers, allowing hackers to easily distribute malware. Once they have access, hackers could deploy bots that slave the computer to external programs, ransomware that holds data hostage or remote access tools that give hackers control of the computer.

In order to target an individual, all an attacker needs is the phone number associated with the WhatsApp account, which can be found by sending a seemingly innocent contact card that contains malicious code. Once opened, it launches a file and begins downloading the malware onto the computer.

WhatsApp has verified and acknowledged the security issue, and has already developed a fix for web clients. While the rollout of the fix started on August 27, there is little way of telling how many users were affected prior to receiving the update.

“WhatsApp responded quickly and responsibly to deploy an initial mitigation against exploitation of this issue in all web clients, pending an update of the WhatsApp client,” said Oded Vanunu, security research group manager at Check Point. “We applaud WhatsApp for such proper responses, and wish more vendors would handle security issues in this professional manner.

“Software vendors and service providers should be secured and act in accordance with security best practices.”