WhatsApp keep getting hacked
Dailystar.co.uk News page: A software vulnerability in a WhatsApp browser add-on could allow hackers to take remote control of MILLIONS of computers across the globe, a security firm has warned.
WhatsApp Web allows Android, BlackBerry, Windows Phone and most recently iPhone users to continue their WhatsApp conversations within a browser window.
Users can send and read messages, videos, audio files, locations and contact information from their browser of choice, on PC or Mac.
But security firm Check Point claims a vulnerability discovered in the software could allow hackers to take control of users’ computers and install ransomware, or other malicious code.
Ransomware is a collective term for apps which extort money from users with the threat to release private information or wipe data from a device.
To execute the potentially devastating remote attack – all the hackers need is the phone number associated with your WhatsApp account, Check Point has claimed.
The shocking news comes days after WhatsApp announced it had 900million active monthly users.
Hackers can then send a seemingly innocuous vCard electronic contact card, laced with malicious code.
As soon as the victim loads the vCard file – hackers can begin to remotely download malware onto the victim’s computer.
WhatsApp has acknowledged the security flaw in its browser service and has issued a fix, which began rolling out to web clients worldwide on August 27.
All versions of WhatsApp Web after v0.1.4481 are immune from the attack.
Check Point said users should clear their browser cache to ensure they are safe from the hack.
“Thankfully, WhatsApp responded quickly and responsibly to deploy an initial mitigation against exploitation of this issue in all web clients, pending an update of the WhatsApp client,” Oded Vanunu, security research group manager at Check Point, told The Telegraph.
“We applaud WhatsApp for such proper responses, and wish more vendors would handle security issues in this professional manner.
“Software vendors and service providers should be secured and act in accordance with security best practices.”