Thursday, December 5, 2024

WhatsApp’s “View Once” Feature Flaw Exploited in the Wild


The Zengo X Research Team has uncovered a critical flaw in WhatsApp’s “View Once” feature, designed to enhance user privacy by allowing media to be viewed only once before disappearing.

This flaw, now exploited in the wild, raises significant concerns about the security of the world’s most popular instant messaging app.

Discovery and Disclosure

The Zengo X Research Team, as part of their ongoing security research, identified a trivial way to bypass the “View Once” feature.


Despite responsibly disclosing these findings to Meta, WhatsApp’s parent company, the team decided to make the issue public after discovering active exploitation.

The flaw allows media intended to be viewed once to be downloaded and shared without restriction, undermining the feature’s intended privacy protections.

WhatsApp’s “View Once” feature explained within the app

Technical Insights into the Flaw

The “View Once” feature is supposed to prevent recipients from saving, forwarding, or taking screenshots of media.

However, the Zengo X Research Team found that the implementation is flawed. The media is sent to all recipient devices, including web applications, where “View Once” is not supported.


By altering the “view once” flag, the media can be transformed into regular media, allowing it to be downloaded and shared freely.

“View once” explained within the WhatsApp application

Furthermore, the media can be accessed without authentication if the media URL and decryption key are known.

This makes it impossible to limit exposure to controlled environments. Some messages contain low-quality previews that can be viewed without downloading the media.

The media remains accessible on WhatsApp servers for up to two weeks, contrary to expectations that it would be deleted immediately after viewing.
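The design gap described above (a flag that only the receiving client honours, delivery to clients that do not support the feature, and media that stays retrievable after viewing) contrasts with enforcement on the server. The following is an added example, not code from the article, Zengo, or WhatsApp; `MediaStore`, its methods, and the device records are hypothetical names, and `device_id` stands in for an authenticated session.

```python
import secrets

class MediaStore:
    """Toy media server (hypothetical model, not WhatsApp's real API)."""

    def __init__(self):
        self._blobs = {}    # media_id -> encrypted media
        self._grants = {}   # single-use token -> (media_id, device_id)

    def upload_view_once(self, ciphertext, recipient_devices):
        """Store media; issue one single-use grant per capable device."""
        media_id = secrets.token_hex(8)
        self._blobs[media_id] = ciphertext
        grants = {}
        for dev in recipient_devices:
            # Never fan out to clients that cannot enforce view-once.
            if not dev["supports_view_once"]:
                continue
            token = secrets.token_urlsafe(16)
            self._grants[token] = (media_id, dev["id"])
            grants[dev["id"]] = token
        return media_id, grants

    def fetch(self, token, device_id):
        """Return the media once, to the device the grant was issued to."""
        grant = self._grants.get(token)
        # device_id stands in for an authenticated session identity.
        if grant is None or grant[1] != device_id:
            return None
        media_id = grant[0]
        # First view consumes the blob and every sibling grant, so
        # nothing stays retrievable on the server afterwards.
        for t in [t for t, g in self._grants.items() if g[0] == media_id]:
            del self._grants[t]
        return self._blobs.pop(media_id, None)

def demo():
    """Constructed sample run: one capable phone, one web client."""
    store = MediaStore()
    devices = [{"id": "phone", "supports_view_once": True},
               {"id": "web", "supports_view_once": False}]
    _, grants = store.upload_view_once(b"<constructed ciphertext>", devices)
    token = grants["phone"]
    return (sorted(grants), store.fetch(token, "web"),
            store.fetch(token, "phone"), store.fetch(token, "phone"))
```

In this model the web client never receives a grant, a fetch from the wrong device fails without consuming the grant, and a second fetch by the legitimate device returns nothing because the server has already deleted the media.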

Exploitation in the Wild

Others have identified and exploited the flaw. Some have developed modified WhatsApp clients or web extensions that toggle the “view once” flag, allowing unrestricted access to the media.

According to GitHub timestamps, these solutions have been discussed in online forums and have been available for over a year. The ease of exploitation highlights the urgency for Meta to address this vulnerability.

Multiple reports to Meta’s security program

Why This Matters

While some may argue that the “View Once” feature was never entirely secure, as recipients could always use another device to capture the media, the digital bypass of this feature poses more significant risks.

Digital copying allows for exact replicas, scalability, and instant copying, which are impossible with manual methods.

This facilitates unauthorized distribution and complicates attribution and non-repudiation, as the original sender can no longer deny sending the media.

Exploiting this flaw underscores the need for robust security measures in digital communication platforms. As users increasingly rely on these platforms for private communication, ensuring their security is paramount.

Meta has yet to respond publicly to these findings, leaving users uncertain about the safety of their private communications on WhatsApp.

The Zengo X Research Team’s discovery of this flaw serves as a critical reminder of the ongoing challenges in digital privacy and security.

Users are advised to exercise caution and stay informed about updates and patches from WhatsApp to protect their privacy.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
