With more than 30 billions of chat sent every day, WhatsApp has become the global-leading messaging app. Millions of people change their default messaging app to WA. They send billions of text, image, and videos everyday for almost free. There’s a lot of excitement there. The problem is: not everyone wants to turn on their device every time they received a message. Most of WA users spend their time in front of their PC. So, the company thought, what if we launch WA web?
January 21st, 2015 was the day the world got the new version of WA: WhatsApp web. Everyone put their hope in the new platform until they realize it is just a mirrored version of the mobile app. It means you need to have the mobile app and internet connection before using the web service.
Just like its mobile app, the new web service started gaining popularity. However, as it rises, so does the security threat. We found vulnerabilities in the system.
How the Attack Works in WhatsApp web?
Sometimes, an attack doesn’t require complex malicious script. Sometimes, all it needs just an “innocent” contact card or vCard. The card is planted with malicious code. Therefore, once the user opens the vCard in WA web, he/she also opens the malicious code (.exe) file. What happens next? The file will infect the user’s computer with malware and compromise the system. The more loads it delivers, the worse your system will become.
Your phone number is the key to the attack. Once you installed WhatsApp in your device, the attacker can deliver the payload.
Should you be concern? With more than 800 million of active users in April 2015, yes, you should be. Once the malware infected your device, the attacker can extract all your personal information. Let’s not forget about what they did with Ashley Madison and PlentyOfFish. If they want, the attack could be worse.
Should WhatsApp do something? They already did. The company was aware of the situation and discovered the flaw. Luckily, they applied the fix not long after the incident. With the latest update, you should not be worry about this flaw again.
While we must appreciate the company for its effort, we must remember that the solution is temporary. It won’t fix the problem as the new ones will come. The best way to ensure your security on the web is by having a VPN. There are two reasons for this. First, it encrypts your data transmission. Nothing gets in and out, unless you command it so. Second, it shields your system from any malicious program. With VPN, you control your own security.
VPN can keep you safe. There is no doubt about that. However, please remember whilst there are many of them you can pick, we recommend choosing the one you can trust. If you don’t know which one to try, we recommend VPN Asia to keep your WhatsApp Web safe.