Question: What happens when security is an afterthought instead of a core value?
Answer: Users are placed at risk.
WhatsApp, the Facebook-owned cross-platform messenger, has exploded in popularity over recent years. WhatsApp announced that they have reached 900 million active users a month. How have they done this? By rushing out new features, and with the power of Facebook of course.
One of those new features is the WhatsApp Web Interface, allowing people to chat from their computers just as they do on their mobile device. We BBM users on BlackBerry devices know the convenience of this through BlackBerry Blend; however, this is something that has yet to go cross-platform. The WhatsApp Web Interface seems to be gaining popularity in the cross-platform crowd, as more than 200 million users are estimated to be using it. These are the users that have been at risk.
Check Point yesterday revealed in a blog post a massive vulnerability in the WhatsApp Web Interface based around vCards. The vCard is simply a standard format for contact information, easily and commonly shared through various means. However, the WhatsApp Web Interface did no filtering of the vCard, and while a user may receive what looked like a standard vCard, it could actually have an executable script inside which the computer would run upon opening.
In an interesting turn, the WhatsApp Web Interface allowed evildoers to send files to unsuspecting users which could do any number of things depending on the executable file chosen by the evildoer. Thanks to WhatsApp, this time hackers didn’t need to put in the effort to break into your computer; they merely needed your phone number.
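The kind of filtering described above as missing can be sketched as a check the receiving client runs before it offers a contact card to the user. This is an added example, not code from WhatsApp or Check Point; the function names and the strict policy (UTF-8 text, a single card, `.vcf` name only) are assumptions made for illustration.

```python
import re

# Assumption: the client has the attachment's file name and its raw bytes.
# A vCard content line is [group.]NAME[;params]:value
CONTENT_LINE = re.compile(r"^(?:[A-Za-z0-9-]+\.)?[A-Za-z0-9-]+(?:;[^:\r\n]*)?:.*$")
KNOWN_VERSIONS = {"2.1", "3.0", "4.0"}

def unfold(text):
    """Join folded lines: a line starting with space or tab continues the previous one."""
    lines = []
    for raw in text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines

def check_vcard_attachment(filename, data):
    """Return (ok, reason); reject anything that is not a plain text vCard."""
    if not filename.strip().lower().endswith(".vcf"):
        return False, "file name is not .vcf"
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False, "content is not UTF-8 text"
    if any(ord(c) < 32 and c not in "\r\n\t" for c in text):
        return False, "control characters in content"
    lines = unfold(text)
    if len(lines) < 3 or lines[0].upper() != "BEGIN:VCARD" or lines[-1].upper() != "END:VCARD":
        return False, "missing BEGIN:VCARD / END:VCARD envelope"
    versions = [l.split(":", 1)[1].strip() for l in lines if l.upper().startswith("VERSION:")]
    if len(versions) != 1 or versions[0] not in KNOWN_VERSIONS:
        return False, "missing or unknown VERSION"
    for line in lines[1:-1]:
        if not CONTENT_LINE.match(line):
            return False, "line is not a vCard property: %r" % line[:40]
    return True, "ok"

# Constructed sample inputs (not taken from the Check Point report).
GOOD = b"BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Jane Doe\r\nTEL;TYPE=CELL:+1 555 0100\r\nEND:VCARD\r\n"
SCRIPT = b"@echo off\r\necho constructed sample\r\n"
MIXED = b"BEGIN:VCARD\r\nVERSION:3.0\r\necho hello\r\nEND:VCARD\r\n"

if __name__ == "__main__":
    for name, data in [("jane.vcf", GOOD), ("jane.bat", GOOD), ("jane.vcf", SCRIPT), ("jane.vcf", MIXED)]:
        print(name, check_vcard_attachment(name, data))
```

A structural check like this only decides whether the attachment is shaped like a contact card; the client should still render it as data and never hand it to the operating system to open.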
WhatsApp did respond quickly to this hack, and there is already a fix in place if the user has updated to the newest version. But one must question: if it was such an easy hack, how many were unknowingly affected? And how many other back doors have been left wide open?
As always, we at UTB utilize BBM. With our growing community and members literally located across the globe, we’ve never suffered any downtime. We can have boring business conversations or fun sticker-filled chats. We will not be bothered by those we don’t wish to speak to, as we are not phone-number based and must allow those that want to add us. And most important of all, we know that we are safe using it, as BlackBerry places security first, as opposed to something that can be fixed later.
Thanks to Back-2-Black for placing this news in our forums.