Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

WhatsApp bug could let strangers see your personal files

Disastrous flaw has been fixed in recent update

Andrew Griffin
Wednesday 05 February 2020 12:08 GMT
Comments
The WhatsApp messaging app is displayed on an Apple iPhone on May 14, 2019 in San Anselmo, California
The WhatsApp messaging app is displayed on an Apple iPhone on May 14, 2019 in San Anselmo, California (Justin Sullivan/Getty Images)

A potentially disastrous security flaw has been found in WhatsApp, which allowed strangers to see a person's personal files.

The exploit would have let someone see the information on a person's computer if they sent them a malicious link, security researchers said.

The bug has since been fixed and is not thought to have been exploited.

If someone was attacked by the bug, they would receive a link that may look legitimate, including the small preview that shows when someone sends a link on WhatsApp.

But clicking it would have allowed the attacker to exploit a weakness in WhatsApp's Content Security Policy, which allowed users to send manipulated, malicious messages.

Once that happened, an attacker would have been able to gain access to the files stored on the person's computer.

The issue affected people who use the desktop version of WhatsApp, which borrows from the mobile version of the app.

The bug has been fixed in recent updates, and users have been warned to make sure that everything they are using to chat on WhatsApp – the phone app, as well as the one being used on the desktop – should be updated to avoid any issues.

“We regularly work with leading security researchers to stay ahead of potential threats to our users," a WhatsApp spokesperson said. "In this case, we fixed an issue that in theory could have impacted iPhone users that clicked on a malicious link while using WhatsApp on their desktop.

"The bug was promptly fixed and has been applied since mid December.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in