Check Point, an Israel-based security firm, discovered a software vulnerability in the WhatsApp messenger Internet platform, the company reported on Tuesday.
The popular smartphone messaging app introduced it’s Internet platform, WhatsApp Web, earlier this year for use on Windows and Android phones. The service was also made available to iPhone users last month. The Internet platform allows the user to send and receive messages in a similar manner to the smartphone application.
The WhatsApp Web platform has a software vulnerability that could allow hackers to compromise computer systems by downloading malware including ransomware, bots, and remote access tools onto the user’s PC, Check Point stated.
“To target an individual, all an attacker needs is the phone number associated with the account.”
Whatsapp allows users to download any media that can be sent as an attachment including photos, videos, audio files, locations and contact cards.
The vulnerability was essentially created due to improper filtering on contact cards. Attackers could infiltrate a PC by sending a seemingly innocent contact that “most users would click immediately without giving it a second thought,” said Check Point.
Clicking on the contact card instantly downloads a file that immediately runs on the computer in use.
Check Point discovered the vulnerability in the software and reported it directly to WhatsApp.
“WhatsApp has verified and acknowledged the security issue and has developed a fix for web clients worldwide,” reported Check Point.
Last week WhatsApp announced they had reached 900 million active users a month. Check Point estimated that at least 200 million people use the WhatsApp Web interface.