A WhatsApp flaw that could let hackers steal users’ chat messages, pictures and private information has been uncovered by security researchers.
If left unpatched, the bug could allow hackers to remotely compromise smartphones by sending a video file containing malicious code to the victim’s WhatsApp account.
When the video file is downloaded – something that can happen automatically in the app – the malicious code infects the account and lets the hacker steal information from the device.
WhatsApp quietly released a patch for the vulnerability last month, and said there is no evidence of it being exploited by hackers to steal data.
In order for hackers to exploit the bug, the video file would need to be downloaded to the device via WhatsApp.
It would then create a ‘backdoor’ into the app, which hackers could use to access the data remotely.
The vulnerability affects WhatsApp on all major platforms including Android, iOS and Windows. It also affects the home and business versions of the software.
Facebook, which owns WhatsApp, has urged users to ensure they have the latest version of the app running on their device, and to disable automatic downloads of image and video files.