Security researchers have discovered a software vulnerability affecting the Web version of WhatsApp that would enable hackers to hijack and remotely control users' desktop computers with just their mobile numbers.
Users of the WhatsApp Web app are advised to update the app as soon as possible and clear their browser cache in order to prevent hackers from being able to install malware on their desktop computers.
The WhatsApp Web app is a mirror version of the WhatsApp mobile app, enabling all messages, images and other content received over WhatsApp on iOS, Android, Windows Phone, Nokia, BB10 and BlackBerry devices to be shown and accessed from a desktop computer. According to the most recent statistics released by WhatsApp in January, there are now over 200 million active users on WhatsApp Web, which contrasts with the 900 million who currently use the mobile app.
An infected vCard can take over your computer
According to security firm Check Point, all a hacker needs to do to gain access to a computer is to have a user's mobile number and send them a vCard, which is an easy way to send contact details from one device to another.
If the vCard contains malicious code, once it is opened, it can then distribute malware, bots or even ransomware onto the user's computer. Ransomware, a particularly nasty strain of malware, locks down computers and holds users to ransom, demanding users pay a fine or face having all their data wiped off their machine.
Check Point contacted WhatsApp about the security vulnerability on 21 August and WhatsApp began rolling out fixes for the web client across the globe on 27 August.
All versions of WhatsApp Web after v0.1.4481 contain the fix for the vulnerability, but just in case your app has not been updated, or you are using a previous version of the app, you are advised to update it immediately and clear your browser cache as well to be safe.
Update your WhatsApp Web app as soon as possible
"Thankfully, WhatsApp responded quickly and responsibly to deploy an initial mitigation against exploitation of this issue in all web clients, pending an update of the WhatsApp client," said Oded Vanunu, Security Research Group Manager at Check Point.
"We applaud WhatsApp for such proper responses, and wish more vendors would handle security issues in this professional manner. Software vendors and service providers should be secured and act in accordance with security best practices."
WhatsApp has not yet disclosed the flaw to its users. IBTimes UK has contacted WhatsApp for comment and is waiting for a response.