WhatsApp security problem leaves millions of users exposed to hackers

A "severe" security problem with WhatsApp could have left "hundreds of millions" of accounts vulnerable to hackers, according to researchers who discovered a flaw in the app.

The bug, which affected the web version of the messaging app, would have allowed people with technical knowledge to take over users' accounts with a simple message. Clicking and opening a malicious file could have let hackers see victims' conversations, photos, videos, contacts, shared files and more, security researchers at Check Point said.

WhatsApp has now fixed the problem, which could also have been used to take over accounts belonging to victims' friends. 

"Attackers could potentially download your photos and/or post them online, send messages on your behalf, demand ransom and even take over your friends' accounts," said the researchers.

The flaw was discovered in the end-to-end encryption WhatsApp uses. It is also used in encrypted messaging app Telegram, which has since fixed the problem as well. 

Check Point alerted the companies about the issue last week. "Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients," said Oded Vanunu, from Check Point. 

Vanunu added that they hadn't seen anyone exploiting the problem in the course of their research. 

WhatsApp said: "When Check Point reported the issue, we addressed it within a day and released an update of WhatsApp for web." 

To ensure their WhatsApp accounts are safe, the company said users should restart their browsers, thereby making sure the version is up to date.

The most secure messaging apps

1) Facebook WhatsApp - Facebook’s Messenger is less secure, however

2) Apple iMessage and FaceTime; Telegram Messenger

4) Google Duo. The company’s Allo and Hangouts are less secure

5) Line; Viber

7) Kakao; Microsoft

8) Skype

9) Snapchat

10) Blackberry Messenger

Tencent’s WeChat and QQ did not meet the privacy criteria of the test and were not ranked

How to protect yourself

Although the problem has now been fixed on WhatsApp and Telegram, the researchers said users should take simple defensive steps to protect their information. Users are advised to periodically clear all logged-in computers from their WhatsApp and Telegram accounts in Settings.

Check Point added that users should always avoid opening suspicious files and links that come from numbers they don't know.

Tips to secure your iPhone from hackers

1) Use a PIN or fingerprint security

Locking your screen will protect your sensitive data and apps from meddling

2) Use a longer passphrase

Go to your settings app, then “Touch ID & Passcode” and turn “Simple Passcode” off. This will allow you to create a longer and more complex passcode with upper and lowercase letters, numbers and other symbols

3) Activate self-destruct

You can tell your phone to delete all data if it thinks someone is trying to break in. Under the same page on Settings you can enable “erase data” - this will wipe the phone clean after ten incorrect guesses at the PIN

4) Increase your privacy settings

Go into your settings app and then the “privacy” tab. Here you will be able to see which apps have which privileges, and turn them off/on.

5) Turn off notifications

The ability to see a summary of notifications on the lock screen is handy, but if that gives away personal or confidential data then you could be in trouble. Remember, it will show the contents of messages you receive, your calendar for that day and various other things.

6) Disable Siri

Siri can leak data even when your phone is locked. Go to settings, then “Touch ID & passcode” and set “Allow access when locked” on Siri to Off.

7) Type it for yourself

AutoFill is a handy feature that does exactly what it says on the tin: any time that Safari sees a box asking for your name, username, password or credit card details, it fills them in for you. This is fine, unless someone else happens to be using your phone. To turn it off, go to settings, then general and “Passwords & AutoFill”.

