Cyber Security News

WhatsApp’s “View Once” Feature Flaw Exploited in the Wild

The Zengo X Research Team has uncovered a critical flaw in WhatsApp’s “View Once” feature, designed to enhance user privacy by allowing media to be viewed only once before disappearing.

This flaw, now exploited in the wild, raises significant concerns about the security of the world’s most popular instant messaging app.

Discovery and Disclosure

The Zengo X Research Team, as part of their ongoing security research, identified a trivial way to bypass the “View Once” feature.

Despite responsibly disclosing these findings to Meta, WhatsApp’s parent company, the team decided to make the issue public after discovering active exploitation.

The flaw allows media intended to be viewed once to be downloaded and shared without restriction, undermining the feature’s intended privacy protections.

WhatsApp’s “View Once” feature explained within the app

Technical Insights into the Flaw

The “View Once” feature is supposed to prevent recipients from saving, forwarding, or taking screenshots of media.

However, the Zengo X Research Team found that the implementation is flawed. The media is sent to all recipient devices, including web applications, where “View Once” is not supported.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial

By altering the “view once” flag, the media can be transformed into regular media, allowing it to be downloaded and shared freely.

View once” explained within the WhatsApp application

Furthermore, the media can be accessed without authentication if the media URL and decryption key are known.

This makes it impossible to limit exposure to controlled environments. Some messages contain low-quality previews that can be viewed without downloading the media.

The media remains accessible on WhatsApp servers for up to two weeks, contrary to expectations that it would be deleted immediately after viewing.

Exploitation in the Wild

Others have identified and exploited the flaw. Some have developed modified WhatsApp clients or web extensions that toggle the “view once” flag, allowing unrestricted access to the media.

According to GitHub timestamps, these solutions have been discussed in online forums and have been available for over a year. The ease of exploitation highlights the urgency for Meta to address this vulnerability.

Multiple reports to Meta’s security program

Why This Matters

While some may argue that the “View Once” feature was never entirely secure, as recipients could always use another device to capture the media, the digital bypass of this feature poses more significant risks.

Digital copying allows for exact replicas, scalability, and instant copying, which are impossible with manual methods.

This facilitates unauthorized distribution and complicates attribution and non-repudiation, as the original sender can no longer deny sending the media.

Exploiting this flaw underscores the need for robust security measures in digital communication platforms. As users increasingly rely on these platforms for private communication, ensuring their security is paramount.

Meta has yet to respond publicly to these findings, leaving users uncertain about the safety of their private communications on WhatsApp.

The Zengo X Research Team’s discovery of this flaw serves as a critical reminder of the ongoing challenges in digital privacy and security.

Users are advised to exercise caution and stay informed about updates and patches from WhatsApp to protect their privacy.

What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

PAN-OS Command Injection Flaw Lets Hackers Execute Arbitrary Code Remotely

Palo Alto Networks has disclosed a medium-severity vulnerability (CVE-2025-0127) in its PAN-OS software, enabling authenticated…

4 seconds ago

Researchers Uncover Hacking Tools and Techniques Shared on Russian-Speaking Cybercrime Forums

Trend Micro, a cybersecurity firm, has released its 50th installment report on the Russian-speaking cybercriminal…

10 hours ago

SideCopy APT Hackers Impersonate Government Officials to Deploy Open-Source XenoRAT Tool

The Pakistan-linked Advanced Persistent Threat (APT) group known as SideCopy has significantly expanded its targeting…

11 hours ago

Russian APT Hackers Use Device Code Phishing Technique to Bypass MFA

Russian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass…

11 hours ago

Threat Actors Exploit Messaging Services as Lucrative Cybercrime Platforms

Threat actors are exploiting weaknesses in SMS verification systems to generate massive, fraudulent message traffic,…

12 hours ago

Scattered Spider Launches Sophisticated Attacks to Steal Login Credentials and MFA Tokens

The cyber threat landscape has witnessed remarkable adaptation from the notorious hacker collective known as…

12 hours ago