Tuesday, 15 September 2015

Dangerous Flaw in WhatsApp Web: vCard Vulnerability


Dangerous Flaw in WhatsApp for Web Version. Hackers can easily hack your device and inject malware.
Around 900 million People active users out of which 200 million users are at Risk.
The Vulnerabilities were discovered by security Researcher Kasif Sekel at Checkpoint which allows attackers to tale benefit of v Card contact card format to malware's to non-tech (unsuspected) users.




WhatsApp Web is a technology that replicates the WhatsApp mobile app experience within a web browser. The web interface allows users to view and respond to text messages, videos etc.

This Web based version of WhatsApp has a vulnerability to an exploit that allow hacker’s (through Social Engineering) to install malware on their machine.

Hackers would just send them a small, apparently innocent contacts file — which, when opened, would allow hackers to run malicious code and leave them open to being hit by code that could take control of their computer, viewing what they are doing or spread viruses.

Working of What-app Exploit


Hackers only need to know the victim's Phone number associated with WhatsApp web account.

  • An apparently tamed v Card (Contact Number) is send to the victim. The v Card riddled with a malicious code.
  • The victim who launches that executable file will be infected with that malware.
  • The contents of malware contains Ransom ware, bot-nets, RAT (Remote access Tools) and other malicious code. 

 What it does?       

  • Get complete access of the victim's machine.    
  • Monitor user activities
  • Spread Malware's

Need not worry Fix is Ready


All versions of WhatsApp Web after version 0.1.4481 already contain the fix for the vulnerability.