A WhatsApp bug threatens security
The most important instant messaging application in the world is again at the center of the news for security reasons. Ahmed Lekssays, a security researcher in apps and mobile operating systems, detected a bug in WhatsApp for iOS that allows a user to extract all contact information and conversation content of a foreign device.
Lekssays, a computer engineering student at Al Akhawayn University, I had already discovered other vulnerabilities in the application Twitter for iOS, allowing access to third parties on account of the same application. In the case of the microblogging network, they corrected the problem quickly, but with the rate of updates WhatsApp has, it may take a few months until the current problem is corrected.
What is needed to violate the security of WhatsApp on iOS?
Ahmed Lekssays shows us that all that is needed to violate the security of WhatsApp is an iPhone and a computer running the Linux operating system. With this he was able to access WhatsApp accounts and extract the content of the conversations, from texts to files transferred from audio, video and image.
The Lekssays method also did not differentiate between iOS devices with blocking methods or devices without security measures. WhatsApp security flaw is so specific that still phones locked with security keys or Touch ID are also vulnerable.
The revelation was presented in the Moroccan magazine TelQuel, where Lekssays explained that any user with bad intentions and a little computer knowledge can take advantage of this vulnerability to violate the privacy of other users in WhatsApp.
WhatsApp is the most popular and least secure messaging app worldwide
The WhatsApp application, now owned by Facebook, has more than 800 million active users worldwide. It is by far the most used application in its style, so you cannot allow failures of this type. The good thing is that they are detected earlier by security investigators than by computer criminals. Now it's up to WhatsApp to design the patch and fix the vulnerability in the shortest possible time.
What yes, given WhatsApp update history, it may take a while. If we consider that interactive notifications are available since September of last year but have not yet been enabled, it may take a few months before the update appears to cover this new vulnerability.