Technology
WhatsApp bug let hackers access computers with an iOS app and a text
The past few months have not been good to WhatsApp users. Unfortunately, that doesn’t look like it’s about to change any time soon.
The Facebook-owned messaging app acknowledged and patched a major vulnerability that gave hackers the ability to access files on a victim’s computer. All you had to do to fall prey to this attack was click a disguised link preview sent via the messaging app. In other words, it would have been an easy mistake for users to make.
Importantly, this did not affect every single WhatsApp user. Rather, a WhatsApp user had to have the iOS version of the messaging app paired to either a PC or MacOS WhatsApp desktop app.
“A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading,” reads the Facebook bug report. “Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.”
In a Feb. 4 blog post, the security researcher who discovered and disclosed the vulnerability detailed his process and noted that WhatsApp should really get its shit together.
“It is 2020,” wrote Gal Weizman, “no product should be allowing a full read from the file system and potentially a [remote code execution] from a single message.”
We reached out to Facebook in an effort to determine how many people were vulnerable to this exploit and how many, if any, were actually affected by it. We’ve received no response as of press time.
Notably, WhatsApp vulnerabilities can have serious consequences. Just this past month, a security firm hired by Amazon CEO Jeff Bezos claimed in a report that the CEO’s phone may have been hacked following the receipt of a malicious WhatsApp message. And while Bezos will be fine, people with less power and resources who fall victim to similar attacks may not fare as well.
Facebook is aware of this, but suggests at least some of the blame should lie elsewhere. Following the news of Bezos’ hacked phone, the company’s vice president of Europe, the Middle East and Africa, Nicola Mendelsohn, suggested to Bloomberg that Apple is the real problem here.
“One of the things that it highlights is actually some of the potential underlying vulnerabilities that exist on the actual operating systems on phones,” Mendelsohn told the publication. “From a WhatsApp perspective, from a Facebook perspective, the thing that we care about the most, the thing that we invest in is making sure that the information that people have with us is safe and secure.”
SEE ALSO: Mic on Bezos’ hacked phone possibly compromised for months
Which, yeah, great. Making sure WhatsApp information is “safe and secure” sounds great, but perhaps that should include not allowing malicious texts that let hackers access victims’ computers? Sounds like a good place to start.
Or, if that’s too much, maybe Facebook should start recommending Signal.
-
Entertainment7 days ago
What’s on the far side of the moon? Not darkness.
-
Business6 days ago
TikTok faces a ban in the US, Tesla profits drop and healthcare data leaks
-
Business6 days ago
London’s first defense tech hackathon brings Ukraine war closer to the city’s startups
-
Entertainment7 days ago
How to watch ‘The Idea of You’: Release date, streaming deals
-
Entertainment6 days ago
Mark Zuckerberg has found a new sense of style. Why?
-
Business5 days ago
Humanoid robots are learning to fall well
-
Entertainment5 days ago
2024 summer TV preview: 33 TV shows to watch this summer
-
Business4 days ago
Google Gemini: Everything you need to know about the new generative AI platform