VPN Articles and News

WhatsApp Bug Exposed 200 Million Users To Hackers

By
Friday, April 15th, 2016


Security experts recently discovered a big security vulnerability in instant messaging service WhatsApp that could have threatened the security of over 200 million users. The security flaw, also dubbed as MaliciousCard, was discovered by Check Point Software Technologies which is a California based security firm. The security bug was found in the web version of WhatsApp which means only the users who used the messaging application through their computers were at the risk of having their personal details exposed to the hackers.

WhatsApp is the most popular messaging app on the planet with over 900 million users. While the service has made it incredibly easy to share messages, photos and videos with our friends and business associates, its security record has not been up to the mark. Although WhatsApp now uses extremely secure encryption to encrypt messages, it doesn’t mean that the app is totally secure or without any security bugs.

The MaliciousCard bug affects WhatsApp Web which was launched with great fanfare earlier this year. The web version of the app has seen its share of security and privacy issues including the bug that compromised users’ photos regardless of the privacy settings (https://vpncoupons.com/whatsapp-web-version-bug-compromises-users-photos/). It is estimated that the web version of the messaging app is currently being used by over 200 million users which means the MaliciousCard vulnerability had the potential of becoming a major security headache for the Facebook owned WhatsApp.

The MaliciousCard bug targets vCards which are nothing but electronic business cards that are used to exchange contact details. A security flaw in the web client of WhatsApp allowed hackers to import malicious code hidden in vCards. Once the infected vCard is opened, the malicious code can then be used to steal information or even control the computer from a remote location. Hackers can even exploit the bug to lock the infected computers from a distant location and then ask for a ransom in order to unlock them.

Perhaps the most dangerous aspect of the MaliciousCard vulnerability is that it is fairly easy to target phone users with it. Hackers only need phone numbers of victims in order to send infected vCards to them. Since most users consider vCards are harmless and don’t think twice before importing them, the bug can spread easily without attracting undue attention. The bug could also be used to harvest even more phone numbers through contact lists stored on an infected machine.

WhatsApp patched the bug and released WhatsApp Web 0.1.4481 soon after it was made aware of the vulnerability by Check Point Software Technologies. However, WhatsApp users who have not updated their web clients to the latest version can still become victims of the MaliciousCard security flaw. While it is not clear whether the bug even affected Mac based systems, Windows users are especially vulnerable to the flaw. If you use web version of WhatsApp on a Windows machine, you must update your WhatsApp web client immediately to remain safe from the MaliciousCard vulnerability.


April 15, 2016
Comments

Leave a Reply

Your email address will not be published. Required fields are marked *


9 + 1 =