WhatsApp for Web vulnerability could give hackers control over computers

At least 200 million people are thought to be using the web interface, which security researchers claim puts their devices and security at risk

Wednesday 09 September 2015 13:35 BST
Comments
Young people are proving particularly vulnerable to online radicalisation
Young people are proving particularly vulnerable to online radicalisation (GABRIEL BOUYS/AFP/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Users of WhatsApp for Web could easily have their security and devices compromised, security researchers have claimed.

The web interface — which lets people read and write messages on their computer — has a security issue that lets hackers take over computers using just a phone number and a simple message, according to researchers at Check Point.

At least 200 million people are thought to be using the online interface, according to estimates. The app is available on almost every platform, after the company quietly launched it on iPhone recently.

All of those users could be vulnerable to the exploit, according to the security firm. Hackers would just send them a small, apparently innocent contacts file — which, when opened, would allow hackers to run malicious code and leave them open to being hit by code that could take control of their computer, watching what they are doing, or use it to spread viruses.

WhatsApp has acknowledged the issue and has rolled out an update to web clients that blocks the problem feature. Check Point advises that users check that they are using a fully up-to-date version of the web client to ensure that they are not vulnerable to the problem.

The security issues were a result of the fact that the WhatsApp web platform lets anyone see files or media attachments that are sent by users. One such a file type was vCard contact files, which would appear as innocent to users but then would actually be an executable file that can install viruses.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in