.webp "WhatsApp’s View Once Feature Flaw Exploited in the Wild")
.webp&description=WhatsApp%E2%80%99s+View+Once+Feature+Flaw+Exploited+in+the+Wild){kind=link}
The critical flaw in WhatsApp’s “View Once” feature, which aims to enhance user privacy by allowing media to be viewed only once before disappearing, has been uncovered by the Zengo X Research Team. This flaw, now being exploited in the wild, raises serious concerns about the security of this globally renowned instant messaging app.
The Zengo X Research Team, as part of their continuous security research effort, identified a simple way to bypass the “View Once” feature. Despite responsibly disclosing these findings to Meta, WhatsApp’s parent company, the team decided to make the issue public following the discovery of active exploitation.
The flaw enables media intended to be viewed once to be downloaded and shared without restrictions, undermining the feature’s intended privacy protections. This revelation has unveiled a trivial flaw in the implementation of the “View Once” feature, enabling recipients to access and share the media freely through various means, including altering the “view once” flag.
Moreover, the flaw allows access to the media without authentication if the media URL and decryption key are known, rendering it impossible to control exposure to specific environments. Additionally, the media remains accessible on WhatsApp servers for up to two weeks, contrary to expectations that it would be deleted immediately after viewing.
The exploitation of this flaw has been previously identified and leveraged by individuals who have developed modified WhatsApp clients or web extensions to toggle the “view once” flag, allowing unrestricted access to the media. The existence of such solutions, discussed in online forums for over a year, highlights the urgency for Meta to address this vulnerability promptly.
The unearthing of this flaw underscores the pressing need for robust security measures in digital communication platforms. As individuals increasingly rely on these platforms for private communication, ensuring their security is imperative. Meta has yet to issue a public response to these findings, leaving users in uncertainty about the safety of their private communications on WhatsApp.
The significance of this flaw discovery by the Zengo X Research Team cannot be overstated, serving as a poignant reminder of the persistent challenges in digital privacy and security. Users are advised to exercise caution and stay informed about updates and patches from WhatsApp to safeguard their privacy.
In conclusion, the exposure of this critical flaw in WhatsApp’s “View Once” feature sheds light on the evolving landscape of digital security and the continuous need to bolster protections in digital communication platforms. The responsibility lies not only on tech giants like Meta but also on individual users to remain vigilant and informed to secure their digital privacy effectively.