When talking about messaging apps, WhatsApp is one of the apps that comes to mind. With over two billion users, WhatsApp even outranks its parent company’s messaging platform, Facebook Messenger.
And because of its billions of users, it has also become one of the most frequently attacked apps. As with so many other things in the technology world, WhatsApp is prone to issues that can affect users’ privacy and security.
Now, researchers have discovered a security vulnerability in WhatsApp. If left unfixed, it could be used against the app’s two billion users across the globe.
A security weakness in WhatsApp endangers its two billion users
Researchers from Check Point Research have discovered a vulnerability that can be used by hackers to attack the platform’s over two billion users worldwide.
The vulnerability appears to be in the app’s image filter function. It has been estimated that over 55 billion messages are sent on WhatsApp daily. Over 4.5 billion of those are photos, and one billion videos are shared on a daily basis.
But what exactly is WhatsApp’s image filtering? It is the process through which the pixels of the original image are enhanced to achieve visual effects such as sharpening or blurring.
According to Check Point Research (CPR), switching between numerous filters on crafted GIF files caused WhatsApp to crash. In its study, CPR identified one of those crashes as memory corruption.
The security company then quickly reported the matter to WhatsApp. WhatsApp named the vulnerability CVE-2020-1910, presenting it as an out-of-bounds read and write issue.
An attacker could apply specific image filters to a specially crafted image and send the resulting image. This is how an attacker would be able to read sensitive information from WhatsApp memory.
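To make the bug class concrete, here is an added example (not WhatsApp's code and not taken from Check Point's report) of the defensive pattern for a per-pixel filter: confirm that the declared dimensions and pixel format fit the allocated buffers before any read or write. The `image_t` type, the function names and the sample bytes are hypothetical and constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical image descriptor; all names are assumptions for this example. */
typedef struct {
    uint8_t *pixels;        /* pixel buffer */
    size_t   len;           /* bytes actually allocated for pixels */
    uint32_t width, height; /* declared dimensions */
    uint32_t bytes_per_px;  /* declared format: 4 = RGBA, 1 = grayscale */
} image_t;

/* Returns 1 when the declared geometry fits inside the allocated buffer. */
static int image_is_consistent(const image_t *img) {
    if (!img || !img->pixels || !img->width || !img->height || !img->bytes_per_px)
        return 0;
    /* Overflow-safe computation of width * bytes_per_px * height. */
    if (img->width > SIZE_MAX / img->bytes_per_px) return 0;
    size_t row = (size_t)img->width * img->bytes_per_px;
    if (img->height > SIZE_MAX / row) return 0;
    return row * img->height <= img->len;
}

/* Invert-colour filter that expects RGBA on both sides.
 * Returns 0 on success, -1 when the inputs are rejected before any access. */
int apply_invert_filter(const image_t *src, image_t *dst) {
    if (!image_is_consistent(src) || !image_is_consistent(dst)) return -1;
    if (src->bytes_per_px != 4 || dst->bytes_per_px != 4) return -1;
    if (src->width != dst->width || src->height != dst->height) return -1;
    size_t n = (size_t)src->width * src->height;
    for (size_t i = 0; i < n; i++) {
        const uint8_t *s = src->pixels + i * 4;
        uint8_t *d = dst->pixels + i * 4;
        d[0] = (uint8_t)(255 - s[0]);
        d[1] = (uint8_t)(255 - s[1]);
        d[2] = (uint8_t)(255 - s[2]);
        d[3] = s[3]; /* keep alpha unchanged */
    }
    return 0;
}

int main(void) {
    /* Constructed input: source declares 2x2 RGBA (16 bytes) but holds 4 bytes. */
    uint8_t small[4] = {0}, out[16] = {0};
    image_t src = { small, sizeof small, 2, 2, 4 };
    image_t dst = { out, sizeof out, 2, 2, 4 };
    printf("mismatched source rejected: %d\n", apply_invert_filter(&src, &dst));
    return 0;
}
```

Without the three checks at the top of `apply_invert_filter`, the loop would trust the declared geometry and walk past the end of the smaller buffer.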
WhatsApp has fixed the issue
CPR disclosed its findings to WhatsApp on November 10, 2020. The messaging company verified and acknowledged the security issue, and was quick to roll out a fix soon after the disclosure.
“With over two billion active users, WhatsApp can be an attractive target for attackers. Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp, who was cooperative and collaborative in issuing a fix. The result of our collective efforts is a safer WhatsApp for users worldwide,” says Oded Vanunu, head of products vulnerabilities research at Check Point.
For its part, WhatsApp takes reports like this very seriously.
“We regularly work with security researchers to improve the numerous ways WhatsApp protects people’s messages, and we appreciate the work that Check Point does to investigate every corner of our app.
“People should have no doubt that end-to-end encryption continues to work as intended and people’s messages remain safe and secure. This report involves multiple steps a user would have needed to take and we have no reason to believe users would have been impacted by this bug.
“That said, even the most complex scenarios researchers identify can help increase security for users. As with any tech product, we recommend that users keep their apps and operating systems up to date, to download updates whenever they’re available, to report suspicious messages, and to reach out to us if they experience issues using WhatsApp,” responded WhatsApp.
Check Point Research still recommends that users keep their apps and phone operating systems up to date at all times.