WhatsApp bug could let strangers see your personal files

Disastrous flaw has been fixed in recent update

Andrew Griffin
Wednesday 05 February 2020 12:08 GMT
Comments
The WhatsApp messaging app is displayed on an Apple iPhone on May 14, 2019 in San Anselmo, California
The WhatsApp messaging app is displayed on an Apple iPhone on May 14, 2019 in San Anselmo, California (Justin Sullivan/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A potentially disastrous security flaw has been found in WhatsApp, which allowed strangers to see a person's personal files.

The exploit would have let someone see the information on a person's computer if they sent them a malicious link, security researchers said.

The bug has since been fixed and is not thought to have been exploited.

If someone was attacked by the bug, they would receive a link that may look legitimate, including the small preview that shows when someone sends a link on WhatsApp.

But clicking it would have allowed the attacker to exploit a weakness in WhatsApp's Content Security Policy, which allowed users to send manipulated, malicious messages.

Once that happened, an attacker would have been able to gain access to the files stored on the person's computer.

The issue affected people who use the desktop version of WhatsApp, which borrows from the mobile version of the app.

The bug has been fixed in recent updates, and users have been warned to make sure that everything they are using to chat on WhatsApp – the phone app, as well as the one being used on the desktop – should be updated to avoid any issues.

“We regularly work with leading security researchers to stay ahead of potential threats to our users," a WhatsApp spokesperson said. "In this case, we fixed an issue that in theory could have impacted iPhone users that clicked on a malicious link while using WhatsApp on their desktop.

"The bug was promptly fixed and has been applied since mid December.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in