WhatsApp Security Issue Puts Over 200 Million Users At Risk
A software vulnerability that was discovered in the web-based version of the WhatsApp, might allow hackers to trick users into downloading a virus to their computers.
We remind you that the WhatsApp web client, also known as WhatsApp Web, was made available for the iPhone users for the first time. This service was already available for Android, Windows Phone and BlackBerry users since January 2015.
In order to access this service, all you have to do is open the web.whatsapp.com webpage on your PC using the Firefox, Opera or the Google Chrome browser and scan the QR code with your smartphone (this scanning “feature” can be accessed from the WhatsApp application).
Once the QR code is scanned by your smartphone, you will automatically log into your WhatsApp account on your computer. However, you will still need to leave the internet connection and WhatsApp application open on your smartphone, as the WhatsApp Web is synchronizing with it.
According to CheckPoint, a security firm, there is a vulnerability that can compromise computers, by allowing the hackers to distribute a malware such as remote access tools, bots and other types of malicious codes.
We remind you that recently, WhatsApp announced that the application has reached 900 million monthly active users and there are over 200 million people who are using the WhatsApp Web feature.
In order to target an individual, the hacker will need the mobile phone number that’s associated with your account and by sending you a “vCard” contact card that contains a malicious code. Once you get the “vCard”, it will launch an executable file that will start downloading malware onto your computer.
The developers of WhatsApp have verified the security issue and they’ve released a fix for the web clients from all over the world, on August 27, 2015.
It seems that all WhatsApp versions after 0.1.4481 have the fix for this vulnerability and CheckPoint suggested the users to update their WhatsApp Web software as soon as possible and clear the browser cache to make sure that the patch is applied.