Whatsapp Desktop App Flawed: Hackers Could Gain Access to Files

According to a recent announcement by Facebook, it appears that WhatsApp Desktop has a flaw that allows attackers to access it remotely and read files on Windows and Mac systems.

A popular messaging app, WhatsApp, is known for having excellent security and privacy features, or so everyone believed. Recently, Facebook issued a security advisory, noting that there is a major flaw in the desktop version of the app. According to what is known, the flaw might allow potential attackers to read files on Windows or Mac PCs by using cross-site scripting attacks.

Flaws in WhatsApp’s desktop app allowed remote access to files https://t.co/PXdayX1J8Y by @thepacketrat
— Ars Technica (@arstechnica) February 5, 2020

Simply put, a hacker could use a specially crafted text message to gain access to files on a targeted computer, and retrieve them from their end of a WhatsApp text message. This is likely only the beginning of what a competent hacker could do with this kind of vulnerability. The flaw was originally discovered by PerimeterX’s security researcher, Gal Weizman. It is believed that the flaw is a result of a weakness in WhatsApp Desktop’s way of using the Electron software framework. It likely does not help that this framework is known for having its own major security problems in the past. Electron was developed to allow developers to create cross-platform apps, which are based on browser and Web technologies. However, it is only as secure as the other components that developers use.

During the research, Weizman found that there is a cross-site scripting flaw in WhatsApp, but this was all the way back in 2017. He discovered that the flaw allows for tampering with the messages’ metadata, the ability to hide URLs within messages, and more. He kept researching the flaw and different possibilities, which led to the discovery that he can inject JavaScript code into messages, which would allow access to the local file system via JavaScript Fetch API. Even that is not the bottom of the problem, but instead, the issue lies in the fact that WhatsApp Desktop was developed via an outdated, flawed version of Google Chrome’s old browser engine, Chrome 69. The flaw supposedly affects every version of the WhatsApp Desktop up until 0.3.9309.

Images are courtesy of Twitter, Shutterstock, Pixabay.

Trusted

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.