Hacker Uncovers Flaw in WhatsApp’s “View Once” Feature, Allowing Unlimited Views

A cybersecurity researcher recently reported a vulnerability in WhatsApp’s privacy-oriented “View Once” feature, which allows users to send media that disappears after a single viewing.

Designed to enhance privacy, the feature promises to delete sensitive content immediately after it is viewed.

However, the researcher discovered a flaw that enables media sent through this feature to remain accessible, raising concerns over the app’s privacy mechanisms.

Discovery of the Flaw

The flaw was identified during a routine exploration of WhatsApp’s storage behavior. According to the researcher, the vulnerability becomes apparent in the app’s “Manage Storage” section.

When a “View Once” image is viewed, it is supposed to vanish immediately.

However, by navigating through WhatsApp’s settings to Storage and Data > Manage Storage and selecting the particular sender’s chat, the content can still be found in the storage logs sorted by “newest.”

The media remains accessible instead of disappearing, undermining the very purpose of the feature.

Meta’s Response to the Report

The researcher responsibly disclosed the issue to Meta, the parent company of WhatsApp, through its bug bounty program.

However, the response from Meta was underwhelming. According to the researcher, Meta acknowledged awareness of the issue, stated that a fix was already in development, and declined to award a bounty for the report.

This interaction highlights a common challenge ethical hackers face when reporting vulnerabilities that have already been identified by organizations.

Despite the lack of a reward, the researcher expressed satisfaction that a solution is being implemented.

This vulnerability raises significant privacy concerns. As the “View Once” feature is often used to share sensitive content, any failure in its implementation can erode user trust.

The bypass allows images to be retained, creating the potential for misuse.

This flaw demonstrates the importance of rigorous testing for features that are explicitly marketed as privacy-centric.

Even minor gaps in functionality can have wide-reaching consequences, especially for users who rely on such features to safeguard personal or sensitive information.

This case serves as a reminder of the critical importance of thorough testing in developing privacy features.

For users, it underscores the need for a cautious approach when sharing sensitive media on digital platforms.

For developers, the incident highlights the necessity of proactively identifying and addressing potential vulnerabilities before launch, as well as the value of external security researchers in uncovering overlooked flaws.

While WhatsApp’s “View Once” feature is well-intentioned, this incident shows that privacy features are only as reliable as their implementation.

Collaboration between companies and ethical hackers remains key to addressing such issues promptly and effectively.
