Users of WhatsApp for Web could easily have their security and devices compromised, security researchers have claimed.
The web interface — which lets people read and write messages on their computer — has a security issue that lets hackers take over computers using just a phone number and a simple message, according to researchers at Check Point.
At least 200 million people are thought to be using the online interface, according to estimates. The app is available on almost every platform, after the company quietly launched it on iPhone recently. All of those users could be vulnerable to the exploit, according to the security firm. Hackers would just send them a small, apparently innocent contacts file — which, when opened, would allow hackers to run malicious code and leave them open to being hit by code that could take control of their computer, watching what they are doing, or use it to spread viruses.
WhatsApp messenger has acknowledged the issue and has rolled out an update to web clients that blocks the problem feature. Check Point advises that users check that they are using a fully up-to-date version of the web client to ensure that they are not vulnerable to the problem.
The security issues were a result of the fact that the WhatsApp web platform lets anyone see files or media attachments that are sent by users. One such a file type was vCard contact files, which would appear as innocent to users but then would actually be an executable file that can install viruses.