While most people use their smartphone for the WhatsApp encrypted messaging service, some use WhatsApp Web to do the same thing. Available to Android, BlackBerry, Windows Phone and iOS users on their PCs, it lets people look at messages they’ve received and sent, including images and videos. However, those that do use the service are vulnerable to a new threat which attempts to trick them into downloading malicious files.
The WhatsApp web service lets users send “vCards” to one another if they have the appropriate phone number, containing contact info. However those cards can also come bearing malware code and if opened, can execute.
While having a specific person’s phone number makes it possible for nefarious individuals to target those people with malware, with over 900 million WhatsApp accounts the world over, there are plenty of people that could potentially be affected if random numbers are contacted in this way.
Fortunately then, WhatsApp has already responded to the news and has patched the hole. However, users will need to update their WhatsApp web software (if they are running at least version 0.1.4481 then you’re fine) but it wouldn’t hurt to clear their cache too, to make sure the vulnerability has been removed.
“We applaud WhatsApp for such proper responses, and wish more vendors would handle security issues in this professional manner. Software vendors and service providers should be secured and act in accordance with security best practices,” said security firm Check Point.
Discuss on our Facebook page, HERE.
KitGuru Says: With WhatsApp closing in on a billion users, it’s easily the world’s second largest communication platform behind Facebook, which is a sterling achievement.