It is very convenient to access WhatsApp using your desktop or laptop but before you do so, ensure that you have the latest version of the application. Gal Weizman, a researcher at California-based PerimeterX, found a major flaw in the desktop platform that allowed hackers to remotely access your computer via just a code-injected message.
Once such a message is opened, attackers gain access to not only your account but files on the computer as well. If your application is not updated to the latest version (0.4.612.0), you must avoid opening messages from any unknown sources at any cost.
Weizman found that he could exploit the platform’s vulnerability by crafting a cross-site scripting attack that would mask automatic redirects to malicious websites using familiar preview banners. If the browser or antivirus fails to detect and halt the redirect, the user can invite a lot of trouble by just opening the malicious message. This could allow attackers to gain reading permission, which, in turn, gives them access to the target’s local files.
This flaw can be traced back to the time WhatsApp desktop was introduced in 2016 and is still present in outdated versions of the application. However, it is unknown if any hackers took advantage of this flaw before Weizman discovered it.
PerimeterX suggests that at the organizational level, there must be a configuring content security policy to avert any cross-site scripting attacks. It is also vital to update anything operating on the outdated Chromium, as researches have shown that the roots of the bug can be traced back to Google’s Chromium framework.
This desktop flaw reopens the debate about whether WhatsApp is entirely safe. The developers of the Facebook-owned application say that they do not store any messages or recordings on their servers and use end-to-end encryption, making it virtually impossible even for them to monitor users’ messages. But, last year, hackers managed to break into the walls by using the sophisticated Pegasus spyware. It is believed that the spyware was used by the Indian government, among others, to monitor officials, journalists, and activists in the run-up to the 2019 General Election.
But, despite these vulnerabilities, WhatsApp still is considered one of the safest messaging applications when it comes to data privacy. However, it is only a matter of time that another bug surfaces, causing more jitters.