Whatsapp Desktop App Flawed: Hackers Could Gain Access to Files

Share Article

According to a recent announcement by Facebook, it appears that WhatsApp Desktop has a flaw that allows attackers to access it remotely and read files on Windows and Mac systems.

A popular messaging app, WhatsApp, is known for having excellent security and privacy features, or so everyone believed. Recently, Facebook issued a security advisory, noting that there is a major flaw in the desktop version of the app. According to what is known, the flaw might allow potential attackers to read files on Windows or Mac PCs by using cross-site scripting attacks.

Simply put, a hacker could use a specially crafted text message to gain access to files on a targeted computer, and retrieve them from their end of a WhatsApp text message. This is likely only the beginning of what a competent hacker could do with this kind of vulnerability.

The flaw was originally discovered by PerimeterX’s security researcher, Gal Weizman. It is believed that the flaw is a result of a weakness in WhatsApp Desktop’s way of using the Electron software framework. It likely does not help that this framework is known for having its own major security problems in the past.

Electron was developed to allow developers to create cross-platform apps, which are based on browser and Web technologies. However, it is only as secure as the other components that developers use.


During the research, Weizman found that there is a cross-site scripting flaw in WhatsApp, but this was all the way back in 2017. He discovered that the flaw allows for tampering with the messages’ metadata, the ability to hide URLs within messages, and more. He kept researching the flaw and different possibilities, which led to the discovery that he can inject JavaScript code into messages, which would allow access to the local file system via JavaScript Fetch API.

Even that is not the bottom of the problem, but instead, the issue lies in the fact that WhatsApp Desktop was developed via an outdated, flawed version of Google Chrome’s old browser engine, Chrome 69. The flaw supposedly affects every version of the WhatsApp Desktop up until 0.3.9309.

Images are courtesy of Twitter, Shutterstock, Pixabay.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Related topics

Follow Author

KuCoin Releases KCS whitepaper – a Path for Geek to Mass Adoption      

Read now

KuCoin Releases KCS whitepaper – a Path for Geek to Mass Adoption

Read now

Olympus, a P2E NFT Game Similar to Clash Royale, Is Making Headlines

Read Now