WhatsApp Web flaw allows hackers to take control of your desktop

Although the flaws they describe are rarely exploited, vulnerability testing reports on WhatsApp have become common in the cybersecurity community. The most recent of these reports describes multiple flaws that could alter some aspects of the user interface.

Using his knowledge of JavaScript, researcher Gal Weizman detected multiple vulnerabilities in the messaging service that could be exploited in real-world scenarios, exposing users to serious risks such as the sending of malicious links or remote code injection.

The vulnerability testing report notes that all the flaws discovered by Weizman are found in WhatsApp Web, the desktop version of the messaging service. Their exploitation would allow sophisticated phishing campaigns to be deployed and malware, even some variants of ransomware, to be spread, putting millions of users at risk.

One of the most serious flaws allows an attacker to evade platform security measures and carry out cross-site scripting (XSS). By exploiting this vulnerability, malicious actors may obtain read permission on the target device’s local file system to add links or malicious code to a message sent by WhatsApp Web. Running these attacks is possible by simply modifying the JavaScript code of a message before it is sent.

Soon after, a WhatsApp spokesperson said that the company, owned by Facebook, had already received the report and that the bugs were fixed shortly after: “The issue we addressed in the most recent update could have affected thousands of users of WhatsApp Web platform; we appreciate the security investigator’s report.”

While this flaw has already been fixed, similar new threats could appear shortly, so vulnerability testing specialists at the International Institute of Cyber Security (IICS) recommend that you be careful when interacting with a message received via WhatsApp Web containing the text “javascript”, as it is a clear indicator of potentially malicious activity, especially if it is sent from an unknown account.
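For developers who render links from chat messages, the control that corresponds to this advice is a scheme allowlist applied after URL parsing rather than a text match on “javascript”. The following is an added example, not code from WhatsApp or from the researcher's report; the function names and sample links are constructed for illustration.

```javascript
// Added example: scheme allowlist for links extracted from a chat message.
// Only these schemes may be rendered as clickable links.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Weak check, shown for contrast: a plain prefix match on the raw string.
// It misses mixed case and embedded whitespace, which browsers normalise away.
function naiveCheck(raw) {
  return !raw.startsWith("javascript:");
}

// Hardened check: parse first, then compare the normalised scheme.
function checkLink(raw) {
  let url;
  try {
    // The WHATWG URL parser trims leading/trailing spaces and control
    // characters, drops tabs and newlines, and lowercases the scheme,
    // so the value compared here is what a browser would act on.
    url = new URL(raw);
  } catch {
    // Relative or malformed input is not rendered as a link at all.
    return { ok: false, scheme: null, reason: "not an absolute URL" };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, scheme: url.protocol, reason: "scheme not allowlisted" };
  }
  return { ok: true, scheme: url.protocol, reason: "allowed" };
}

// Check every link of a message and keep the naive verdict for comparison.
function auditLinks(links) {
  return links.map((link) => ({ link, naive: naiveCheck(link), ...checkLink(link) }));
}

// Constructed sample links (not taken from the report).
const SAMPLE_LINKS = [
  "https://example.com/invoice",
  "javascript:alert(1)",
  " \tJaVa\nScript:alert(1)", // obfuscated form of the same scheme
  "data:text/html,<b>hi</b>",
  "example.com/no-scheme",
];

for (const r of auditLinks(SAMPLE_LINKS)) {
  console.log(JSON.stringify(r));
}
```

The third sample passes the prefix match but is rejected by the parsed check, which is why filtering on the literal text alone is not sufficient.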