Bad news for users of the popular WhatsApp application: a bug discovered in the View Once feature threatens their privacy. More than two billion users are thus at risk. Tal Be’ery, a security researcher, recently identified this problem.
This is View Once
This is intended to provide a temporary form of privacy, allowing users to send messages that disappear after being viewed by the recipient(s).
Messages sent this way cannot be forwarded, saved or screenshotted. Normally, this feature is exclusively available on WhatsApp mobile apps for Android and iOS.
The security breach on the web version
Users who access WhatsApp through the desktop app or browser receive a warning message telling them that they can only open the message on their mobile phone.
However, Be’ery discovered a way around the restrictions. In a live demo, the researcher showed that he was able to view and save an image sent as View Once while using WhatsApp on the web.
What are the risks for users?
This bug allows malicious recipients to display and save images and videos that should disappear immediately after being read or viewed.
“The only thing worse than no privacy is the false sense of privacy where users are led to believe that some forms of communication are private when in fact they are not,” said Be’ery.
WhatsApp is working on a solution
The security issue was reported to Meta, the parent company of WhatsApp, on August 26, 2024.
In a recent statement, WhatsApp confirmed that it is aware of the issue and is “already in the process of rolling out updates for the View Once feature on the web.”
The exact date when the update will be available is not yet known. Until then, users are advised to send these kinds of messages on WhatsApp only to people they trust the most.
Browser extensions and vulnerability discussions
Be’ery is not the first to discover the bug. There are already browser extensions that make it easy to bypass View Once, and discussions about this vulnerability are active on all social networks.
Source: TechCrunch
Source: www.go4it.ro
