September 17, 2024 at 08:24PM
Meta’s attempt to prevent unauthorized access to WhatsApp’s View Once messages was circumvented by white-hat hackers within a week. The feature, designed to ensure message privacy, relied on digital rights management but was found to be vulnerable on certain operating systems. Despite Meta’s initial fix, security concerns remain unresolved.
Based on the meeting notes, the key takeaways are:
– Meta’s fix to stop people from repeatedly viewing WhatsApp’s View Once messages has been quickly overcome by white-hat hackers, posing a significant security challenge.
– The View Once feature, introduced for privacy in August 2021, has a security flaw allowing for the revival of self-destructed content.
– Zengo, a cryptowallet startup, discovered and publicized methods to bypass the View Once protection, prompting WhatsApp to initially update its code to address the issue. However, Zengo found that the fix was not sufficient and exploitable pathways still exist.
– A developer of a View Once exploit has confirmed finding a mechanism to bypass the updated WhatsApp code and plans to release a new extension, highlighting the ongoing vulnerability.
– Zengo co-founder expressed dissatisfaction with Meta’s response and bug bounty program, emphasizing the need for improved communication and a more comprehensive code revamp to address the core issue.
– Despite Meta’s decline to comment, sources indicate that the fix was intended as an interim measure and that a more comprehensive code revamp is underway.
Overall, it’s evident that the security vulnerability in WhatsApp’s View Once feature remains a critical concern, and a more comprehensive solution is required to address the underlying issue.