WhatsApp Web Security Flaw Puts 200 Million At Risk

A bug in the web version of WhatsApp could leave 200 million open to hacking according to security firm Check Point.

The flaw introduces dangerous code such as ransomware into computers potentially immobilising devices until users pay a required sum of money to hackers.

It is important to note the bug is only reported to affect the web version of WhatsApp and not the mobile app.

In a blog post, Check Point stated it notified WhatsApp of the flaw, who have now responded with a fix.

The firm urged the public to update their WhatsApp software immediately to protect their computers.

WhatsApp for web works like its mobile version, allowing messages including images, videos, audio files, locations and contact cards.

The problem, according to Check Point researchers, lies in the 'vCard' format containing contact information.

Security researcher Kasif Dekel said hackers could target computers by disguising dangerous code as a vCard.

Since there is no way to differentiate between the flawed and real versions of these cards, victims could easily click and download ransomware and other types of malware.

All a hacker would need is a person's phone number.

Check Point alerted WhatsApp to the problem on August 21 and they responded on August 27 with a fix.

“Thankfully, WhatsApp responded quickly and responsibly to deploy an initial mitigation against exploitation of this issue in all web clients, pending an update of the WhatsApp client” said Oded Vanunu, Security Research Group Manager at Check Point.

Earlier this month, WhatsApp said it had hit 900 million monthly users.