The app uses end-to-end encryption to protect messages from interception.
Unfortunately, this same security measure prevented WhatsApp from seeing and preventing the spread of malicious software - potentially allowing an attacker to download the user’s pictures or to take over the user accounts entirely.
Security researchers Check Point found that Hackers were able to hide malware within images, which were then sent to a recipient. Once the recipient opens the picture, a hacker can be instantly granted access to the app’s local storage, where user data is contained.
“From that point, the attacker can gain full access to the user’s account and account data. The attacker can then send the malicious file to the all victim’s contacts, opening a dangerous door to a potentially widespread attack over the WhatsApp and Telegram networks,” Check Point explained.
“Since messages were encrypted without being validated first, WhatsApp and Telegram were blind to the content, thus making them unable to prevent malicious content from being sent.”
WhatsApp quickly fixed the vulnerability. Users logging into the web versions of either app are advised to restart their browser.