WhatsApp Fixes Bug In View-Once Feature, But Unencrypted User Data Can Be At Risk
Users should update to the most recent version of the encrypted messaging app, which fixes the security flaw.

WhatsApp has reportedly resolved a significant vulnerability in its view-once privacy feature, which allowed cyber criminals to bypass the feature's privacy protections. However, the solution may inadvertently put user data at risk.
The view-once feature, first introduced in 2021, allows users to send media that can only be viewed once. Images or videos typically vanish after being viewed. By stopping recipients from sharing, copying, forwarding or taking screenshots of potentially sensitive content such as media, the view-once function aims to improve privacy.
However, a security researcher discovered that modified WhatsApp Web clients could bypass this protection: browser extensions that slightly modified WhatsApp Web could be used to get around it. The weakness allowed supposedly disappearing messages to be saved, effectively rendering the view-once feature moot.
According to reports, WhatsApp has "rolled out a longer-term fix that resolved the issue". According to the company, users should update to the most recent version of the encrypted messaging app, which fixes the security flaw. Additionally, users should limit view-once messages to individuals they know and can trust.
Tal Be'ery, the security researcher who discovered the problem with the view-once feature, wrote on X: "The fix indeed addresses the root cause properly, so we are happy we were able to make the world a little safer!"
Be'ery explained that by including a view-once flag in the unencrypted metadata, WhatsApp was able to address the privacy issue.
However, the solution adds more unencrypted metadata, which is de facto exposed to the WhatsApp server and could put users' privacy at additional risk. According to Be'ery, this could lead to other privacy issues.
"The fix highlights the known, yet often overlooked, fact that E2EE protects messages' content but not their metadata," Be'ery wrote in a blog post. "WhatsApp traded-off user increased privacy against receiver unauthorised view-once content access, against reduced privacy for unauthorised view-once metadata access on WhatsApp server."