WhatsApp fixes bug that let users bypass ‘View Once’ privacy feature

Latest
AI
Amazon
Apps
Biotech & Health
Climate
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
Gaming
Google
Government & Policy
Hardware
Instagram
Layoffs
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
Social
Space
Startups
TikTok
Transportation
Venture
Events
Startup Battlefield
StrictlyVC
Newsletters
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
WhatsApp fixed a bug that allowed malicious users to save pictures and videos that were supposed to be viewed only once and then vanish. 
In September, TechCrunch reported that a bug in the implementation of the “View Once” privacy  feature allowed people using WhatsApp’s browser-based web app to display and then keep the picture or video. The View Once feature is designed to prevent recipients from saving, sharing, forwarding, copying, and even screenshotting or screen recording media sent as “View Once,” given that in normal circumstances, the pictures or videos disappear after being viewed.
On Friday, WhatsApp spokesperson Zade Alsawah told TechCrunch that the company has rolled out a longer-term fix that resolved the issue. 
“We’re constantly building in layers of privacy protection, and that includes rolling out key updates to view once on web,” Alsawah said in an email. “As always, we continue to encourage users to only send View Once messages to people they know and trust, and make sure they’re on the latest version of the app.”

Contact Us

Do you have more information about bugs in WhatsApp or other messaging apps? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.

Tal Be’ery, a security researcher, who has been looking into WhatsApp’s privacy issues this year, alerted WhatsApp and TechCrunch of the bug. But Be’ery wasn’t the only one who found the flaw. When he found it, there were also several browser extensions and posts on social media that advertised easy solutions to circumvent the privacy feature, allowing users to just install an extension and automatically be able to display and save media sent as View Once. 
After WhatsApp’s fix, which appears to have been pushed in the last couple of weeks, users of those browser extensions, some of which require a paid subscription, are complaining that they don’t work anymore. “Does not work AT ALL. Don’t waste your time” complained one user. 
Now, in a test performed by TechCrunch on Friday, when we received a View Once Message on WhatsApp’s web app, the app displayed the following message, which is the same message that it usually displays on the desktop app.
In another test performed by TechCrunch and Be’ery last week, the researcher saw a different message: “Waiting for this message. Check your phone.”
In any case, Be’ery wasn’t able to save the picture using the technique he has been using for months. “Sometimes, when a vulnerability is exploited in the wild, a responsible disclosure is to go public,” Tal Be’ery told TechCrunch. “We are very happy that our research and publication drove WhatsApp to fix the issue and protect the privacy of their users.” 
Be’ery, who is the CTO and co-founder of crypto wallet Zengo, published a blog post on Monday analyzing the fix.
View Once was launched in 2021 and is designed to work only on WhatsApp’s iOS and Android apps, and not on the web or desktop app.
Topics
OpenAI’s Sora video generator is launching for ChatGPT Pro and Plus subscribers — but not in the EU

Troubled electric truckmaker Nikola offers up to $100 million in common stock

It’s a Raspberry Pi 5 in a keyboard, and it’s called the Raspberry Pi 500

Apple sued over abandoning CSAM detection for iCloud

OpenAI bets you’ll pay $200 a month for ChatGPT

Elon Musk’s X gains a new image generator, Aurora

As YC retreats from Africa, alumni launch accelerators to fill the gap

Senior Reporter, Cybersecurity
Subscribe for the industry’s biggest tech news
Every weekday and Sunday, you can get the best of TechCrunch’s coverage.
TechCrunch's AI experts cover the latest news in the fast-moving field.
Every Monday, gets you up to speed on the latest advances in aerospace.
Startups are the core of TechCrunch, so get our best coverage delivered weekly.
By submitting your email, you agree to our Terms and Privacy Notice.
© 2024 Yahoo.

source
Sponsor:News technical sponsor
Sponsor:News AI sponsor
Sponsor: AI sponsor
Sponsor: AI sponsor

Leave a Comment

Vélemény, hozzászólás?

Az e-mail címet nem tesszük közzé. A kötelező mezőket * karakterrel jelöltük