A "severe" security problem with WhatsApp could have left "hundreds of millions" of accounts vulnerable to hackers, according to researchers that discovered a flaw in the app.
The bug, which affected the web version of the messaging app, would have allowed people with technical knowledge to take over users' accounts with a simple message. Clicking and opening a malicious file could have let hackers see victims' conversations, photos, videos, contacts, shared files and more, security researchers at Check Point said.
WhatsApp has now fixed the problem, which could also have been used to take over accounts belonging to victims' friends.
"Attackers could potentially download your photos and or post them online, send messages on your behalf, demand ransom and even take over your friends' accounts," said the researchers.
The flaw was discovered in the end-to-end encryption WhatsApp uses. It is also used in encrypted messaging app Telegram, which has since fixed the problem as well.
Check Point alerted the companies about the issue last week. "Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients," said Oded Vanunu, from Check Point.
Vanunu added that they hadn't seen anyone exploiting the problem in the course of their research.
WhatsApp said: "When Check Point reported the issue, we addressed it within a day and released an update of WhatsApp for web."
To ensure their WhatsApp accounts are safe the company said users should restart their browsers, thereby making sure the version is up to date.
The most secure messaging apps
1) Facebook WhatsApp - Facebook’s Messenger is less secure, however
2) Apple iMessage and FaceTime; Telegram Messenger
4) Google Duo. The company’s Allo and Hangouts are less secure
5) Line; Viber
7) Kakao; Microsoft
10) Blackberry Messenger
Tencent’s WeChat and QQ did not meet the privacy criteria of the test and were not ranked
How to protect yourself
Although the problem has now been fixed on WhatsApp and Telegram, the researchers said users should take simple defensive steps to protect their information. Users are advised to periodically clear all logged-in computers form their WhatsApp and Telegram accounts in Settings.
Check Point added that users should always avoid opening suspicious files and links that come from numbers they don't know.