WhatsApp Vulnerability: how the desktop app gives access to attackers
Whatsapp, the top most used instant messenger used by over one billion people in over 180 countries to stay in touch with friends and family, anytime and anywhere and offers simple, secure, reliable messaging and calling, available on phones all over the world.
According to Facebook’s most recent security advisory, the flaw affects WhatsApp’s desktop version 0.3.9309 and earlier. The vulnerability also affects users who paired the desktop app with WhatsApp’s iPhone version before 2.20.10.
Updating the WhatsApp desktop app on your PC will likely guard you against any exploitation.
Gal Weizman at PerimeterX originally discovered the security flaw in the platform. Back in 2017, he first found multiple issues with the app, including tampering with the metadata of messages, sending malicious URL’s via the platform, and more.
Apparently, the desktop app of WhatsApp was running an older release of Google’s Chromium web engine, i.e., Chrome 69. Any new version would have easily caught any injection of malicious code.
The root cause of the vulnerability began with Facebook implementing the WhatsApp desktop version using the Electron software framework, which already has a history of multiple security issues,
According to Ars Technica. For those who don’t know, Electron helps in building cross-platform apps based on web technology.
While WhatsApp offers end-to-end encryption for enhanced security, the platform is only safe when it is updated regularly with the latest security fixes.