Cyber Security News

WhatsApp’s “View Once” Feature Flaw Exploited in the Wild

The Zengo X Research Team has uncovered a critical flaw in WhatsApp’s “View Once” feature, designed to enhance user privacy by allowing media to be viewed only once before disappearing.

This flaw, now exploited in the wild, raises significant concerns about the security of the world’s most popular instant messaging app.

Discovery and Disclosure

The Zengo X Research Team, as part of their ongoing security research, identified a trivial way to bypass the “View Once” feature.

Despite responsibly disclosing these findings to Meta, WhatsApp’s parent company, the team decided to make the issue public after discovering active exploitation.

The flaw allows media intended to be viewed once to be downloaded and shared without restriction, undermining the feature’s intended privacy protections.

WhatsApp’s “View Once” feature explained within the app

Technical Insights into the Flaw

The “View Once” feature is supposed to prevent recipients from saving, forwarding, or taking screenshots of media.

However, the Zengo X Research Team found that the implementation is flawed. The media is sent to all recipient devices, including web applications, where “View Once” is not supported.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial

By altering the “view once” flag, the media can be transformed into regular media, allowing it to be downloaded and shared freely.

View once” explained within the WhatsApp application

Furthermore, the media can be accessed without authentication if the media URL and decryption key are known.

This makes it impossible to limit exposure to controlled environments. Some messages contain low-quality previews that can be viewed without downloading the media.

The media remains accessible on WhatsApp servers for up to two weeks, contrary to expectations that it would be deleted immediately after viewing.

Exploitation in the Wild

Others have identified and exploited the flaw. Some have developed modified WhatsApp clients or web extensions that toggle the “view once” flag, allowing unrestricted access to the media.

According to GitHub timestamps, these solutions have been discussed in online forums and have been available for over a year. The ease of exploitation highlights the urgency for Meta to address this vulnerability.

Multiple reports to Meta’s security program

Why This Matters

While some may argue that the “View Once” feature was never entirely secure, as recipients could always use another device to capture the media, the digital bypass of this feature poses more significant risks.

Digital copying allows for exact replicas, scalability, and instant copying, which are impossible with manual methods.

This facilitates unauthorized distribution and complicates attribution and non-repudiation, as the original sender can no longer deny sending the media.

Exploiting this flaw underscores the need for robust security measures in digital communication platforms. As users increasingly rely on these platforms for private communication, ensuring their security is paramount.

Meta has yet to respond publicly to these findings, leaving users uncertain about the safety of their private communications on WhatsApp.

The Zengo X Research Team’s discovery of this flaw serves as a critical reminder of the ongoing challenges in digital privacy and security.

Users are advised to exercise caution and stay informed about updates and patches from WhatsApp to protect their privacy.

What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Europol Shutsdown 27 DDoS Service Provider Platforms

In a major international operation codenamed “PowerOFF,” Europol, collaborating with law enforcement agencies across 15…

8 minutes ago

Resecurity introduces Government Security Operations Center (GSOC) at NATO Edge 2024

Resecurity, a global leader in cybersecurity solutions, unveiled its advanced Government Security Operations Center (GSOC)…

14 hours ago

Reserachers Uncovered Zloader DNS Tunneling Tactics For Stealthy C2 Communication

Zloader, a sophisticated Trojan, has recently evolved with features that enhance its stealth and destructive…

14 hours ago

US Charged Chinese Hackers for Exploiting Thousands of Firewall

The US Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned Sichuan Silence Information…

15 hours ago

DMD Diamond Launches Open Beta for v4 Blockchain Ahead of 2025 Mainnet

DMD Diamond - one of the oldest blockchain projects in the space has announced the start…

15 hours ago

Hackers Deploy Weaponized LNK Files for Malicious Payload Delivery

Researchers reported a phishing attack on December 4th, 2024, where malicious emails purportedly from the…

15 hours ago