Check Point Catches The Flaw – WhatsApp Under Attack

September 11, 2015

In February 2014, Facebook acquired WhatsApp, one of the top instant messaging apps for smartphones. And in January 2015, they offered a web-based WhatsApp to its users, all over the world. With this update, anyone can use WhatsApp both from their smartphone and the computers. It was rather a great move. But, they never think that this new feature can put users at risk.

Recently, an Israeli-based security company, Check Point, discovered a flaw in the web-based service of WhatsApp. According to their research, a hacker can attack a user’s computer system by just sharing a contact card and other files.

This problem is only faced by the web users of WhatsApp. A hacker can send a vCard file to another user and with some hidden codes can access their computers. vCards are digital business cards, sent only through text messages.

Check Point Catches The Flaw - WhatsApp Under Attack

The hackers are able to sneak through the security of WhatsApp, converting the .vcf file extension to either .exe or .bat. This file extension fools a user by disguising a malware as a contact card.

This innocent appearing vCard can spread its agents (bots) to the user’s computer, spying on the activities. These bots can grant an access to the hacker, enabling him to attack user’s computer. Or they can lock user’s computer until a ransom is paid. Or they could do even worse.

It has been almost nine months since WhatsApp launched – web client. But the security system is still weak. Check Point claimed that they tested the security system by sending a test basis .exe file and sent it to a user. The security system of WhatsApp didn’t even bother to scan the vCard and let the user download it.

This malware affected some, but many were saved. Around 200 million users use the web version of WhatsApp. And luckily, only the hackers could fool the WhatsApp web client. This saves the mobile users.

As of the notifications by the IT security company, Check Point, WhatsApp finally resolved the matter. And now it’s safe to use the web version of WhatsApp.

– – – – – – – – – – – – – – – – – – – – – – – – –

Whether a web-based application or a mobile application, it is always wise to keep the testing phase running. Once you have developed a mobile application or a website application, you also need the services of an SQA. Get all the services from an IT services company UK, from web application development to website testing.