Take a fresh look at your lifestyle.

WhatsApp vulnerability discovered that allows hackers to access PRIVATE files

A WhatsApp vulnerability was discovered that could allow hackers to access PRIVATE files saved on your computer, warns a cybersecurity expert

  • Expert Gal Weizman found the weakness and told WhatsApp about it in 2019
  • If it explodes, it sends malicious links to unsuspecting users through WhatsApp Web
  • It would give hackers access to private files that are stored on a computer
  • WhatsApp fixed the weakness in December, but users are urged to update their application

A cybersecurity expert has discovered a vulnerability in WhatsApp Web for desktop computers that exposes users' private files.

The error was found by JavaScript expert Gal Weizman, and affects users with an iPhone paired with WhatsApp Web.

Weizman exploited a weakness in the WhatsApp Content Security Policy, which allowed us to bypass normal security measures.

The Facebook-owned application prides itself on its security and has end-to-end encryption to protect messages.

But this vulnerability, which was reported to WhatsApp and resolved in December, could have given hackers access to private files, photos and videos stored on a computer.

WhatsApp states that there are no known cases of criminals who exploit this vulnerability to hack a client.

Scroll down to watch the video

It was found by JavaScript expert Gal Weizman and was found to affect users with an iPhone paired with WhatsApp Desktop. Hackers could change the URL that appears in the banner message (pictured) when a link is sent to trick users

It was found by JavaScript expert Gal Weizman and was found to affect users with an iPhone paired with WhatsApp Desktop. Hackers could change the URL that appears in the banner message (pictured) when a link is sent to trick users

WHAT WAS THE VULNERABILITY?

JavaScript expert Gal Weizman found the vulnerability.

Weizman was able to find a breach in the Content Security Policy (CSP) used by WhatsApp, allowing omissions and cross-site scripting (XSS) in the desktop application.

This also allowed him to obtain read permissions from the local file system in Mac and Windows desktop applications.

Through the WhatsApp desktop platform, Weizman was able to find the code where the messages are formed, manipulate it and then let the application continue in its natural flow of message delivery.

This omitted the filters and sent the modified message through the application as usual, appearing relatively normal in the user interface.

Weizman showed that the failure also allowed hackers to manipulate messages, which could make a link look legitimate and disguise its dire purpose.

Unprepared users would receive dangerous messages that gave hackers access to desktop files.

in a blog post For PermineterX, Mr. Weizman said: "In a nutshell, unsuspecting users could be subject to harmful codes or links injected into their seemingly harmless exchanges.

"These message modifications would be completely invisible to the inexperienced eye."

The December update for WhatsApp presented a patch for this vulnerability and users are urged to update their application immediately to ensure they are protected.

But DomainTools cybersecurity expert Corin Imai said the vulnerability is definitely & # 39; a cause for concern & # 39 ;.

Ms. Imai said: & # 39; WhatsApp has an estimated 1.5 billion monthly users, and in the development of democracies like India, where WhatsApp has 200 million users, it has become a substitute for the conversation of the town square.

DomainTools cybersecurity expert Corin Imai said the vulnerability is definitely & # 39; a cause for concern & # 39;

DomainTools cybersecurity expert Corin Imai said the vulnerability is definitely & # 39; a cause for concern & # 39;

DomainTools cybersecurity expert Corin Imai said the vulnerability is definitely & # 39; a cause for concern & # 39;

& # 39; Users in India would have their chat groups from & # 39; family & # 39; and & # 39; Friends & # 39 ;, but often also use third-party applications to find and join WhatsApp groups aligned with their political views.

"So that a vulnerability can edit the content of the messages is a legitimate cause of concern from a cybersecurity perspective, but potentially also from a false news perspective."

WhatsApp says it doesn't believe the vulnerability has been exploited by criminals.

In a statement, the messaging platform owned by Facebook said: & # 39; We work regularly with leading security researchers to anticipate potential threats to our users.

& # 39; In this case, we solve a problem that could theoretically have affected iPhone users who clicked on a malicious link while using WhatsApp on their desktop.

"The error was corrected quickly and has been applied since mid-December."

. (tagsToTranslate) dailymail (t) sciencetech (t) Apple