WhatsApp users are advised to take precautionary measures following a recent security flaw discovery. The popular messaging app was brought under scrutiny after a vulnerability was found that could potentially allow hackers to access personal information by sending files directly to users’ devices. The security concern, initially identified by Google’s Project Zero team, is linked to the app’s automatic download feature, which saves media files instantly upon receipt.
It is suspected that cybercriminals have been creating fake group chats to lure unsuspecting users into joining. Once a user accepts the invitation, malicious files are downloaded without their knowledge.
The extent of the impact remains unknown, raising concerns among the app’s billions of daily users.
In response to the bug, WhatsApp swiftly released a patch to mitigate further infections. However, the incident underscores the risks associated with enabling automatic downloads on devices.
To ensure security, users are encouraged to implement a quick settings adjustment and verify they are using the latest version of WhatsApp on their devices.
A key recommendation, as suggested by cybersecurity experts at Malwarebytes, is to disable Automatic Downloads or activate WhatsApp’s Advanced Privacy Mode in the settings. This setting prevents media files from being automatically downloaded to users’ devices in the future.
To disable downloads, users can navigate to the settings within WhatsApp on their Android devices, access the three-dot menu in the top-right corner, and proceed to the Settings section. Within the Storage and data menu, users can locate the Media auto-download settings for mobile data, Wi-Fi, and roaming connections and uncheck media types such as Photos, Audio, Videos, and Documents.
Verifying that each category displays “No media” under it confirms the changes have been successfully applied.
Additionally, restricting who can add users to groups can enhance security as the recent attack method requires attackers to add users and their contacts to new groups. By limiting who can perform this action, the risk is minimized.
Users can adjust these settings by navigating to Privacy in the WhatsApp settings and selecting Groups. Changing the settings from Everyone to My contacts or My contacts except… and excluding untrusted numbers is advised.
For users utilizing WhatsApp for professional purposes, maintaining strict control over group memberships by only allowing known contacts and approved administrators can enhance security measures.