WhatsApp bug exposes users to saved View Once media

A security researcher, Tal Be’ery, discovered a significant flaw in WhatsApp's 'View Once' feature, which is intended to allow users to send ephemeral media that disappears after being viewed. This bug, found in the web app version of WhatsApp, enables malicious users to save and display images and videos that should vanish immediately. Be’ery demonstrated this vulnerability to TechCrunch, highlighting the false sense of security it creates for users. The feature was designed to work exclusively on mobile apps, with additional protections against screenshots and screen recordings. Be’ery reported the issue to Meta, WhatsApp's parent company, on August 26, 2023. Following this, WhatsApp acknowledged the problem and stated that updates to the 'View Once' feature for the web app were already in progress. The researcher emphasized the importance of genuine privacy in communication, arguing that the current implementation misleads users into believing their messages are secure. The discovery of this bug is not isolated; there are existing browser extensions that facilitate bypassing the 'View Once' feature, and discussions about exploiting this vulnerability have been circulating on social media. This raises concerns about the overall security of WhatsApp's privacy features and the potential for misuse by malicious actors. WhatsApp has encouraged users to send 'View Once' messages only to trusted contacts while they work on fixing the issue. The lack of a clear timeline for the updates leaves users vulnerable in the meantime, underscoring the need for robust privacy measures in digital communication.