Hackers could access photos and videos and post them online due to a gaping security hole discovered in WhatsApp.
(CCM) — Millions of WhatsApp users could have had their accounts hacked simply by clicking on a maliciously-formed picture due a huge flaw in WhatsApp's Web software, security researchers have revealed. The flaw, which was discovered by staff at security company Check Point, is believed to have been in existence since the app's launch in January 2015. "This vulnerability, if exploited, would have allowed attackers to completely take over users’ accounts on any browser, and access victims’ personal and group conversations, photos, videos and other shared files, contact lists, and more," the researchers said. "This means that attackers could potentially download your photos or post them online, send messages on your behalf, demand ransom, and even take over your friends’ accounts." WhatsApp enabled end-to-end encryption in its messaging service one year ago, but the flaw was able to bypass this encryption. A similar flaw affected the Telegram messenger app, but for hackers to gain access to messages a further step was required.
Facebook has now fixed the flaw in the WhatsApp software by patching it on its servers. Users do not have to take any action apart from restarting their browsers to be fully protected against the software flaw. The WhatsApp apps for mobile devices running on platforms such as iOS and Android are not affected by the security flaw. Telegram has also patched its software to remove the flaw.
Image: © bilciu - Shutterstock.com