A new security bug discovered in WhatsApp could expose Android users to cyberattacks simply by being added to a group. Google’s Project Zero team has advised users to be vigilant.
The messaging platform WhatsApp is once again in the spotlight regarding security and privacy. Recently, a lawsuit alleged that Meta itself can read WhatsApp users’ chats. Once considered the most secure and trustworthy app, it is now facing serious questions. Amidst growing privacy concerns, a new report has emerged that could further exacerbate users’ worries.
Google’s security research team, Project Zero, has uncovered a serious bug in WhatsApp. This vulnerability allows Android users to be subjected to a cyberattack simply by being added to a WhatsApp group. The attack utilizes a malicious media file that automatically downloads to the phone without any user interaction.
Details of the discovered bug
According to Project Zero, if a malicious media file is sent to a newly created group, the file can auto-download and become the vector for the attack. The most concerning aspect is that the user doesn’t need to click on any link or open the file. This is why it’s being called a zero-click attack.
Researchers believe that this attack can be carried out on targeted users. The attacker needs to know at least one of your contacts so they can add both you and that contact to the same group. Once a potential target is identified, repeating this type of attack becomes easy.
Users must remain vigilant
The most important step for security is to disable automatic media downloads in WhatsApp. This will prevent any photos, videos, audio, or documents from downloading to your phone without your permission. Additionally, preventing WhatsApp media from saving to your phone’s gallery also reduces the risk.
Users should also control who can add them to groups. Changing the Groups option in Privacy settings from ‘Everyone’ to ‘My contacts’ or ‘My contacts except…’ reduces the risk of being added to groups by unknown individuals.
