
WhatsApp bug causes Screen Lock Bypass

February 22, 2019 | Expert Insights

A security bug is allowing users to bypass new privacy controls introduced by WhatsApp on iPhones. The bug, which only affects devices running iOS, causes the application to open without biometric verification, bypassing the privacy update.

Background

WhatsApp Messenger is a freeware and cross-platform messaging and Voice over IP service owned by Facebook. The application allows the sending of text messages and voice calls, as well as video calls, images and other media, documents, and user location.

The service, which has around 1.5 billion users, has been trying to find ways to stop misuse of the app, following global concern that the platform was being used to spread fake news, manipulated photos, videos without context and audio hoaxes, with no way to monitor their origin or full reach.

The disclosure comes as messaging and other applications race to improve security and privacy. The update is part of Facebook Inc.'s response to criticism that it has not safeguarded privacy.

Analysis

WhatsApp's new privacy feature allows iPhone users to require Touch ID or Face ID to open the app. But users were able to bypass those log-in methods by using the iPhone's "share" function to send files over WhatsApp.

The glitch occurs if the user selects any option other than "Immediately" inside WhatsApp Settings -> Account -> Privacy -> Screen Lock. The other options include "After 1 minute", "After 15 minutes", and "After 1 hour".

This isn’t the first time WhatsApp has had a bug in its updates. During the January update for Android, a bug was discovered that continued to save the last message you had replied to even after exiting the app. While this is not as serious as a security bypass, it goes to show that the developers have been careless.

WhatsApp has recently been changing many of its policies. The app’s end-to-end encryption allows groups of hundreds of users to exchange texts, photos and video beyond the oversight of independent fact checkers or even the platform itself. In January 2019, it started limiting forwards to 5 people in order to curb the spread of misinformation and rumors.

Last month, a privacy flaw with Apple's FaceTime group video chat software was discovered, which allowed iPhone users to see and hear others before they accept a video call. Apple rolled out an iOS update to fix the issue.

“We are aware of the issue and a fix will be available shortly. In the meantime, we recommend that people set the screen lock option to ‘immediately,’” a WhatsApp spokesperson said by email.

Apple takes the privacy of its customers very seriously. It does not cooperate even with government agencies that need it to unlock phones. Apple fought and won a case against the FBI in 2016, when the FBI asked it to unlock a phone belonging to a terrorist in San Bernardino. It has not succumbed to pressure from the U.S. National Security Agency (NSA) to share details regarding its customers.

Assessment

Our assessment is that the bug affecting WhatsApp does not affect the operating system. The messenger service’s developer is working towards a solution and has released a statement to that effect. Apple has not changed its privacy stance and hasn’t commented on the bug.