According to a recent announcement by Facebook, it appears that WhatsApp Desktop has a flaw that allows attackers to access it remotely and read files on Windows and Mac systems.
WhatsApp, a popular messaging app, is known for having excellent security and privacy features, or so everyone believed. Recently, Facebook issued a security advisory, noting that there is a major flaw in the desktop version of the app. According to what is known, the flaw might allow potential attackers to read files on Windows PCs or Macs by using cross-site scripting attacks.
Simply put, a hacker could use a specially crafted text message to gain access to files on a targeted computer, and retrieve them from their end of a WhatsApp text message. This is likely only the beginning of what a competent hacker could do with this kind of vulnerability.
The flaw was originally discovered by PerimeterX's security researcher, Gal Weizman. It is believed that the flaw is a result of a weakness in the way WhatsApp Desktop uses the Electron software framework. It likely does not help that this framework is known for having had its own major security problems in the past.
Electron was developed to allow developers to create cross-platform apps based on browser and Web technologies. However, it is only as secure as the other components that developers use.
The root of the problem goes deeper still: WhatsApp Desktop was built on an outdated, flawed version of Google Chrome's browser engine, Chrome 69. The flaw supposedly affects every version of WhatsApp Desktop up until 0.3.9309.