Security experts recommend changing settings after Google researchers discovered a vulnerability that allowed hackers to send malicious files through group chats
All WhatsApp users put on high alert and told to switch off one setting today(Image: GETTY)
Anyone using WhatsApp on their mobile might want to check their settings following fresh security guidance. The enormously popular messaging platform has recently faced scrutiny after a concerning vulnerability was uncovered that could enable hackers to gain access to private information by transmitting malicious files straight to users’ devices.
The problem, initially spotted by Google’s Project Zero team, relates to WhatsApp’s automatic media download function, which immediately stores files on devices without requiring any user action.
Cunning cybercriminals are believed to have taken advantage of this feature by setting up fraudulent WhatsApp group chats and encouraging unwitting users to participate. Should an invitation be accepted, compromised files could be downloaded automatically, with the user remaining completely unaware that anything was amiss.
While it remains uncertain precisely how many individuals may have been affected by the problem, the discovery of the attack raises alarm, considering the billions of users who rely on WhatsApp daily.
WhatsApp has confirmed it has now issued a patch to block future attacks, but the incident has again underlined the dangers of permitting automatic downloads on mobile devices. For extra reassurance, users are recommended to verify they are operating the most recent version of the app and to implement a few straightforward adjustments to their settings, reports the Express.
Security specialists at Malwarebytes are now advising users to disable automatic media downloads or activate WhatsApp’s Advanced Privacy Mode. This stops photos, videos and documents from being automatically saved to your device.
Below is the most recent guidance from Malwarebytes and instructions on how to turn off automatic downloads.
“Google’s Project Zero has just disclosed a WhatsApp vulnerability where a malicious media file, sent into a newly created group chat, can be automatically downloaded and used as an attack vector,” Malwarebytes explained.
“The bug affects WhatsApp on Android and involves zeroclick media downloads in group chats. You can be attacked simply by being added to a group and having a malicious file sent to you.
“According to Project Zero, the attack is most likely to be used in targeted campaigns, since the attacker needs to know or guess at least one contact. While focused, it is relatively easy to repeat once an attacker has a likely target list.”
To disable automatic downloads on Android, launch WhatsApp and select the three-dot menu in the top-right corner, then choose Settings. Navigate to Storage and data.
Within Media auto-download, you’ll find options for When using mobile data, When connected on Wi-Fi, and When roaming.
Select each option individually and untick all media types—Photos, Audio, Videos and Documents—then press OK. When finished, each category should show “No media.”
Malwarebytes also recommends limiting who can include you in WhatsApp groups, as this sort of assault depends on attackers adding victims to new group chats.
To accomplish this, open Settings, tap Privacy, then Groups. Alter the setting from Everyone to My contacts, or ideally My contacts except…, and exclude any numbers you don’t completely trust.
If you utilise WhatsApp for work, it’s particularly crucial to restrict group access to recognised contacts and authorised administrators only.
As previously stated, one of the best actions you can take is to keep your apps up-to-date and ensure the latest version is installed.
Join our Dublin Live breaking news service on WhatsApp. Click this link to receive your daily dose of Dublin Live content.
We also treat our community members to special offers, promotions, and adverts from us and our partners. If you don’t like our community, you can check out any time you like. If you’re curious, you can read our Privacy Notice.
For all the latest news from Dublin and surrounding areas visit our homepage.