Hey there, did you hear about the latest security concern surrounding WhatsApp? It seems that researchers have identified a serious vulnerability that puts users’ privacy at risk. This issue specifically impacts the ‘View Once’ feature on WhatsApp, allowing an attacker to access the target media without the recipient’s knowledge.
Uncovering a Flaw in WhatsApp’s ‘View Once’ Feature
Recently, security experts from Zengo uncovered a significant security flaw in WhatsApp that enabled malicious actors to bypass the app’s ‘View Once’ privacy setting. In a detailed post, Be’ery and his team explained how they were able to access restricted media shared on WhatsApp.
According to Meta, the ‘View Once’ feature is designed to enhance privacy by allowing recipients to view shared media only once. This includes audio messages, videos, and photos that disappear from the chat once opened, leaving no trace behind. Recipients are unable to download or take screenshots of such content.
However, the researchers found a loophole in this supposedly secure system. They discovered that WhatsApp servers were simply labeling messages as ‘View Once’ without proper device restrictions, allowing attackers to manipulate the system and access the media without authorization.
Furthermore, the flaw also allowed ‘View Once’ messages to linger on WhatsApp servers for up to two weeks, posing an additional security risk.
While Meta is working on a fix for this vulnerability, users are advised to be cautious when sharing ‘View Once’ messages and only send them to trusted contacts.
Meta Takes Action to Address the Issue
After responsibly disclosing the flaw to Meta, the researchers decided to make the issue public due to its potential exploitation. As of now, there is no official patch available for WhatsApp users, but Meta is actively working on a solution that will be included in future updates.
Our bug bounty program is an important tool for gathering feedback from external researchers, and we are already implementing updates to enhance the ‘View Once’ feature on the web. We encourage users to exercise caution when using this feature and only share ‘View Once’ messages with trusted individuals.
We’d love to hear your thoughts on this matter, so feel free to share them in the comments below!
