WhatsApp vulnerability could lead to sensitive data leakage

The popular messaging app WhatsApp recently faced a major security vulnerability that could lead to sensitive data leakage. Although the exploit has now been fixed by the company, it shows that even end-to-end encryption can be bypassed by hackers.

The vulnerability was discovered by security research firm Check Point Research (CPR). According to the firm, the exploit required “complex steps and extensive user interaction” to be achieved. If performed correctly, the hacker could read sensitive information from WhatsApp’s memory.

To trigger the vulnerability, the attacker needed to send an attachment that contained a specific malicious image. The user’s data was exposed after the user applied a filter to this image and sent it back to the attacker, which resulted in a memory crash.

The vulnerability related to the WhatsApp image filter functionality and was triggered when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter, and then sent the image with the filter applied back to the attacker. […] During their research study, CPR learned that switching between various filters on crafted GIF files indeed caused WhatsApp to crash.

Luckily, it doesn’t seem that malicious hackers had time to use this exploit to obtain data from WhatsApp users. CPR informed WhatsApp about the vulnerability on November 10, 2020, and the bug was fixed earlier this year. Version 2.21.1.13 of the WhatsApp app now features two ways to check the integrity of an edited image with filters to avoid the exploit.

WhatsApp later thanked CPR for reporting the vulnerability, claiming that the app’s end-to-end encryption remains secure and that security research firms are important in preventing exploits like this from being used for malicious purposes.

Author

Filipe Espósito