Towards the end of last month, Check Point, an Israeli-based security firm discovered a bug in WhatsApp Web, the PC version of the famous instant messaging and voice calling app, WhatsApp.
However, even before this bug became known to the public, the company moved in swiftly with a fix to this bug.
The attack, which could have easily put more than 200 million users of this web client at risk, was spotted on August 21 by a security researcher by the name of Kasif Dekel, who works with Check Point. After Check Point had sent a warning or rather notification to WhatsApp developers, they did not hesitate to take immediate action and by the time August 27 was coming around, a fix had already been issued.
WhatsApp fixes available via the Web version
WhatsApp Web is simply a web client that mirrors the messages of the phone app to the PC client. This is done by syncing the phone and PC such that the messages display on both devices at a time.
The web client requires that the phone app be running and the phone connected to the internet to mirror the messages to the PC client. However, you don’t need to update the installed Android version before you can get access to the latest WhatsApp Web fix. The update has been availed directly via the web client and as such, users need to update it from their PCs.
The security firm warned WhatsApp of the danger posed by this hack because the attack somehow demands cash from users. Once the malware enters your system, the hacker can easily lock you out of your system and to regain control or access, you may be asked to part with cash via some online payment means.
WhatsApp added iPhone support to this web application just about a month ago. The client still has a long way to go if it’s to emulate the success its owner, Facebook, has achieved with the web version.
How WhatsApp Web bug works
According to the security firm, the vulnerability is brought about, by the way, the app handles contacts, especially when they are in the vCard format. All a hacker needs to know is your WhatsApp-registered phone number, and that’s all. He will then send you a vCard message that contains arbitrary code. Once you open this innocent-looking message, the code will begin executing and thus spread infected files to your system.
Since WhatsApp is a cross-platform application, there is a good chance that this message will be opened by many users. Once the vCard is opened, the door will have opened wide for the hacker to do whatever he intended to do. Hence, the firm advises users that they should quickly update to the latest WhatsApp Web version to take advantage of this fix. All you need is to log out of the web client, clear your browsing history/cache and once again, log into the web client.