Israeli Firm ‘Check Point’ Discovers ‘Killer’ Breach On WhatsApp
Handling multiple WhatsApp messages on your phone can be pretty inconvenient, so why not do it on your computer – especially if you spend most of your day in an office, in front of a computer anyway? That’s why 200 million WhatsApp users have turned to WhatsApp Web, an instant messaging platform that brings all your WhatsApp chats into one, large screen.
But now, Israeli cyber-security giant Check Point has identified a security flaw that allows hackers to distribute malware – and even completely paralyze millions of computers – through WhatsApp Web.
WhatsApp Web is a web-based version of the WhatsApp app on your smartphone. It mirrors all messages sent and received, and synchronizes your phone and your computer, so that users can see all messages on both devices. WhatsApp Web is available for most WhatsApp supported platforms, including Android phones and iPhones.
WhatsApp, which is owned by Facebook, recently announced it had reached 900 million active users.
Check Point‘s Israeli security researcher Kasif Dekel, who recently discovered this security breach, found “significant vulnerabilities which exploit the WhatsApp Web logic and allow attackers to trick victims into executing arbitrary code on their machines in a new and sophisticated way,” according to Check Point. “All an attacker needed to do to exploit the vulnerability was to send a user a seemingly innocent vCard containing malicious code. Once opened, the alleged contact is revealed to be an executable file, further compromising computers by distributing bots, ransomware, and other malwares.”
To target an individual, all an attacker needs is a phone number associated with the account. Check Point warns that this security breach lets hackers take control of users’ computers and install ransomware – a type of malware that prevents users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their computers, or to get their data back.
Since Check Point discovered the breach, WhatsApp has issued a new Web version of the app. So, to make sure you are protected, update your WhatsApp Web now, by clearing the cache and history on your browser, and then logging into WhatsApp again by scanning the QR code.