Researchers found security holes in WhatsApp that could potentially be exploited by hackers to steal user sensitive data. Fortunately, this security vulnerability has been patched by WhatsApp.
This security vulnerability was discovered by researchers from Check Point Research (CPR). This gap is in the photo filter feature in the WhatsApp for Android and WhatsApp Business for Android applications.
According to the CPR report, the vulnerability can be exploited after a user opens an attachment containing a malicious photo file (such as a specially designed GIF file), adds a specific filter to the photo, and sends the edited photo with the filter back to the attacker.
CPR says this form of exploitation is complex and requires extensive interaction with the user. Hackers who successfully exploit this vulnerability can access sensitive information from WhatsApp memory, including messages and previously shared photos and videos.
"Once we discovered a security vulnerability, we immediately reported our findings to WhatsApp, which was cooperative and collaborative in releasing a fix," said Head of Product Vulnerabilities Research CPR Oded Vanunu, as quoted by Gadgets 360, Friday (3/9/2021).
"The result of our joint efforts is a more secure WhatsApp for users around the world."
CPR reported its findings to WhatsApp on November 10, 2020. WhatsApp then patched this loophole in February 2021 via updates to WhatsApp for Android and WhatsApp Business for Android version 2.21.1.13.
WhatsApp also thanked CPR for reporting its findings. The Facebook-owned app says the end-to-end encryption they deploy is secure, and users' messages are protected.
"This report involves several steps that users must take and we have no reason to believe that users will be affected by this bug. However, even the most complex scenarios that researchers have come across can improve security for users," WhatsApp said in a statement.
"Like other technology products, we encourage users to keep their apps and operating systems up to date, to download updates as they become available, to report suspicious messages, and to contact us if they experience problems using WhatsApp."
