WhatsApp is probably the world’s biggest instant messaging service, and despite being owned by Meta, it has some privacy features, such as encryption and “one-time” sending of videos, photos, and voice notes. Someone might have just found a fatal flaw with the latter feature.
A significant security flaw has been discovered in WhatsApp’s “View Once” feature on its web app. This vulnerability allows malicious actors to save images and videos meant to disappear after being viewed, undermining the privacy intentions of the feature.
Security researcher Tal Be’ery uncovered the bug and provided a live demonstration to TechCrunch, showcasing how a “View Once” image could be captured and stored. Be’ery criticized the false sense of privacy the bug creates, stating that it’s worse than having no privacy at all. Although “View Once” is designed for mobile apps, WhatsApp displays a warning on its desktop and web apps, advising folks to open such media on their phones. Technically, you’re not supposed to be able to open this kind of media from a secondary device. However, this flaw allows recipients to bypass this limitation, letting them not only open them, but also save them.
Be’ery reported the issue to Meta on August 26th, and WhatsApp has acknowledged the problem, stating that updates are in progress. However, the company hasn’t provided a specific timeline for the fix. This isn’t the first time this bug has come to light. There are browser extensions and online discussions promoting methods to exploit it.
Still, the importance of fixing this cannot be understated. This view-once feature is frequently used to share sensitive information and pictures with others, and it’s stuff that people usually wouldn’t want leaking. In the meantime, if you’re in a situation where you need to share sensitive info through a feature like this, you might want to consider other apps instead.
Source: TechCrunch
