Skip to main content

This WhatsApp security flaw could have let hackers access all your chats

WhatsApp logo shown on a smartphone
(Image credit: Alex Ruhl / Shutterstock.com)

A security vulnerability in popular messaging app WhatsApp’s image filter function, enabled cybersecurity researchers to read sensitive information from the memory of the app.

According to a report by Check Point Research (CPR), malicious users could exploit the vulnerability by applying specific image filters to a specially crafted image.

As per recent estimates, WhatsApp clocks about 2 billion active users every month and reportedly ferries over 55 billion messages daily, along with 4.5 billion photos, and one billion videos shared per day.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

“With over two billion active users, WhatsApp can be an attractive target for attackers. Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp, who was cooperative and collaborative in issuing a fix,” said Oded Vanunu, Head of Products Vulnerabilities Research at CPR.

Bad image

CPR explains that image filtering is the process through which pixels of the original image are modified to achieve certain visual effects, such as blur or sharpen. 

During their research study, CPR learned that switching between various filters on crafted GIF files caused WhatsApp to crash. Upon further investigation it was discovered that one of the crashes was CPR identified one of the crashes as the result of memory corruption. 

CPR reported the problem to WhatsApp, who classified it as an out-of-bounds read and write issue, and tracked it as CVE-2020-1910, before deploying a fix in February 2021 

“We regularly work with security researchers to improve the numerous ways WhatsApp protects people’s messages, and we appreciate the work that Check Point does to investigate every corner of our app,” noted WhatsApp in a statement, adding that it saw no evidence of abuse related to this vulnerability.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.