A bug discovered in the
WhatsApp web extension could allow hackers to take remote control of users'
computers with just their phone number, a security firm has warned.
A software vulnerability has
been discovered in the web-based version of the popular WhatsApp messaging app
for smartphones, which could allow hackers to trick users into downloading
malware on their PCs.
Last month, WhatsApp made
its web client, known as WhatsApp Web, available to iPhone users for the
first time, after rolling out the service for Android, BlackBerry and Windows
Phone earlier in the year.
The service effectively
replicates the experience of using the mobile app in a web browser, allowing
users to view all of the messages they have sent and received – including
images, videos, audio files, locations and contact cards – on their PC.
However, security
firm Check Point claims to have discovered a vulnerability that could
compromise computers, by allowing hackers to distribute malware including ransomware,
bots, remote access tools (RATs) and other types of malicious code.
Ransomware forces
victims to pay a ransom to regain access to their systems and data, bots
cause the system to slow down to a crawl, and RATs give hackers remote access
to the victim's PC.
WhatsApp recently announced
that it had reached 900m active users a month, and at least 200m are
estimated to use the WhatsApp Web interface.
To target an individual, all
an attacker needs is the phone number associated with their account. By sending
a seemingly innocent ‘vCard’ contact card containing malicious code, and
persuading the victim to open it, they can launch an executable file and begin
downloading malware onto their PC.
WhatsApp has verified and
acknowledged the security issue and has developed a fix for web clients
worldwide, which started rolling out on August 27. All versions of WhatsApp Web
after v0.1.4481 contain the fix for the vulnerability.
Check Point said that users
should update their WhatsApp web software immediately and clear their browser
cache to ensure that the patch is applied. The update will appear in the
notification bar.
“Thankfully, WhatsApp
responded quickly and responsibly to deploy an initial mitigation against
exploitation of this issue in all web clients, pending an update of the
WhatsApp client,” said Oded Vanunu, security research group manager at Check
Point.
“We applaud WhatsApp for
such proper responses, and wish more vendors would handle security issues in
this professional manner. Software vendors and service providers should be
secured and act in accordance with security best practices.”
The company had not replied
to a request for comment at the time of writing.
*** UPDATE:
WhatsApp, the widely used messaging program, has fixed a dangerous flaw in its Web app that could be used to trick people into installing malware, according to Check Point.
good to hear.