Facebook-owned instant messaging app WhatsApp became subject to a significant loophole that could allow hackers to access private chats. Initially, it was spotted by Google's Project Zero Team. In its blog post dated August 29, Google's Project Zero Team performed Implant Teardown to examine the safety and privacy of popular-end-to-encryption apps, including WhatsApp, Telegram, iMessage, etc. Ian Beer from Project Zero also shared screenshots, showing that the implant has access to database files on the victim's phone, eventually compromising the security of popular apps and services they use. But what is the implant, you may ask? As also explained by Beer, the implant is "primarily focused on stealing files and uploading live location data". Earlier, Beer revealed that malicious websites could compromise the security of a victim's iPhone.
Security researcher discovered a significant security loophole that if exploited, could put the security and privacy of WhatsApp users at risk. WhatsApp bug could allow hackers to access victims' chats. Previously, Beer discovered a total of 14 vulnerabilities across five exploit chains. Those chains were further divided into seven groups for web browser, 5 for kernel and two separate sandbox escapes. Project Zero's Initial analysis also indicated that at least one of the exploit chains was unpatched at the time of discovery. Meanwhile, WhatsApp cleared the air on the development and denied the existence of any security vulnerability affecting the users' security and privacy at the time of publishing this story. Commenting on the reports, here is what WhatsApp spokesperson had to say.
“WhatsApp cares deeply about the privacy of our users. It is false to claim there is a known bug within WhatsApp impacting users at this time. As always, we recommend users follow warnings from manufacturers on the latest security updates for mobile phone operating systems,” WhatsApp spokesperson said in a statement.
Recently, a cybersecurity company Check Point Research discovered a series of flaws that it claimed could compromise the security and privacy of billions of WhatsApp users. Check Point described three potential ways hackers could modify the content of anyone's messages in some of their Group conversations. To everyone's surprise, attackers could also send a private message to a group participant disguised as a public message in the Group. That issue, however, had already been fixed at the time of publication. At that time, a Facebook spokesperson told Republic World that it reviewed the issue last year and it was false to suggest there is a vulnerability within the existing WhatsApp security.