WhatsApp security bug "leaves 200 million users at risk"

PanARMENIAN.Net - WhatsApp, the messaging service with 900 million monthly active subscribers, has scrambled to fix a security flaw that supposedly left up to 200 million users at risk, according to Digital Spy.

Security firm Check Point discovered the vulnerability, which it claims left users of the web-based version of the platform wide open to serious malware infections.

The bug, which is a result of the way WhatsApp handles the vCard format, theoretically allows hackers to send malicious code to users, disguised as a virtual business card offering things like free emoji.

This includes ransomware - software that deprives users of access to their files unless they pay a fee - and all the hacker would need is the victim's phone number.

WhatsApp acted quickly to patch up the vulnerability, immediately correcting the flaw after Check Point brought it to their attention at the end of August.

"WhatsApp responded quickly and responsibly to deploy an initial mitigation against exploitation of this issue in all web clients, pending an update of the WhatsApp client," said Oded Vanunu, Security Research Group Manager at Check Point.

"We applaud WhatsApp for such proper responses, and wish more vendors would handle security issues in this professional manner. Software vendors and service providers should be secured and act in accordance with security best practices.

"Check Point continues to be on the lookout for vulnerabilities in common software and internet platforms, disclosing issues as they are discovered, protecting consumers and customers against tomorrow's threats."