If you're sending a "View Once" message,?? ?? ?? photo, or video through WhatsApp, don't be so sure that the receiver can't view it again.
Security researchers with crypto wallet ZenGo recently discovered a bug that allowed WhatsApp users to view "View Once" messages as many times as they liked.
SEE ALSO: Meta updates WhatsApp and Messenger third-party chats in EuropeIn response, WhatsApp patched the issue. But, ZenGo researchers then discovered another exploit in WhatsApp's temporary fix that once again allowed them to access these messages that had supposedly disappeared.
WhatsApp launched its View Once feature in 2021. View Once allows users to send texts, photos, and videos that disappear after the recipient initially accesses them.
Furthermore, to ensure the ephemeral nature of these messages, WhatsApp disables screenshots from being used in the app on View Once messages through iOS and Android. In addition, WhatsApp limits View Once messages to the mobile apps only.
However, in a post last week, ZenGo Security Research Manager Tal Be'ery detailed an exploit that allowed his team to access View Once messages over and over again.
Basically, as Be'ery explains, the View Once messages are only restricted from view in the mobile apps after being viewed. The media continues to exist on WhatsApp's servers. If a user can find the URL for the media file, they can access the message or media file that was supposed to have disappeared.
Be’ery went through the official channels with WhatsApp's parent company Meta and reported the exploit through their bug bounty program on August 26. It was too late though. Be'ery soon found that the bug was already in the wild, as a Chrome extension popped up allowing users to access their already-viewed View Once messages through WhatsApp's web app. ZenGo went public with the exploit and published their report last week on Sept. 9.
It appears the issue has been taken seriously by Meta, at least after Be’ery went public with the exploit. Meta appears to have released a fix for the WhasApp View Once bug on Sept. 12.
According to a new reportby Be'ery, Meta's patch "changes the way View Once media messages are saved to the application’s databases and redact some of the information that enables the media viewing."
The fix appears to have broken the previously mentioned "View Once Photos Bypass" Chrome extension as well.
This Tweet is currently unavailable. It might be loading or has been removed.
But, the fix is "still not enough," according to Be'ery and can be exploited with a workaround. In fact, as Be'ery discovered, the creator of the View Once bypass Chrome extension published an update saying that they've already discovered a new exploit in order to once again access View Once media.
Be'ery also publisheda video showing how View Once messages are still accessible.
Meta told Mashable that it's taking multiple steps to deal with the View Once issue. The initial fix was meant to be temporary as Meta restructures how View Once works in WhatsApp on the web.
"As we said before, we are in the process of rolling out multiple updates to View Once on web," a WhatsApp spokesperson told Mashable. "Those additional updates are forthcoming."
UPDATE: Sep. 18, 2024, 2:04 p.m. EDT This piece has been updated with a statement and additional information from Meta.
Topics Cybersecurity Social Media WhatsApp Meta
‘Real Miyagi’ Documentary Released on DVD
Intolerant India
Which streaming service should you cancel? All of them (most of the time).
The Loss of Tatas
INTO THE NEXT STAGE: Asian Americans on the Radar, for Better & Worse
Vegan Nation
NYT Strands hints, answers for September 27
Ajax vs. Besiktas 2024 livestream: Watch Europa League for free
Okinawan Spirituality Lecture in Gardena
'Oddity' review:?Your new horror obsession has arrived
Velas Takes a Critical Step In The Fight Against Climate Change
Spotify's Synched Feeds allows creators to display their free and subscriber
Vegan Nation
The Dunderhead from Indiana
‘Stay Melty’ Book
Intolerant India
The UN is calling for global cooperation on AI. Is it too late?
Revolt of the Super-Employees
Cold Tofu at Maryknoll
Best Amazon deals of the day: Blink Mini 2, Apple Watch Series 10, GE Profile Opal 2.0 ice maker
Kevin Conroy, the iconic voice of Batman, has died at age 66Dating trends to expect in 2023, according to Bumble'Quordle' today: See each 'Quordle' answer and hints for November 20'Quordle' today: See each 'Quordle' answer and hints for November 11Kevin Conroy, the iconic voice of Batman, has died at age 66How to use Twitter without giving Elon Musk your user data by browsing without a loginInstagram Influencer Ramon Abbas jailed over massive fraudApple redesigns iCloud.com to make it far more customizableAirbnb freshens up home categories and adds host setup tools'Quordle' today: See each 'Quordle' answer and hints for November 20 Kouraku Quietly Changes Ownership Cold Tofu Saying Farewell to 25 APAFT Hosts Theater Party for Scholarship Winners CAPAC Members Mark 41st Anniversary of Murder of Vincent Chin Pursuit Ends in Little Tokyo; Two Suspects Still at Large STYLE Protocol Launches Staking Feature BeInCrypto Launches SheVerified Campaign to Spotlight and Empower Women in Web3 Panel on Asian Americans in Entertainment to Feature Star Juneteenth 2023: A Day for Reflection, a Call for Reparations As Opening Looms, Little Tokyo Peeks Beneath New Station
0.2167s , 9833.5390625 kb
Copyright © 2025 Powered by 【?? ?? ??】WhatsApp 'View Once' messages are far more permanent than you realize (at least for now),Feature Flash
