If you're sending a "View Once" message,?? ?? ?? photo, or video through WhatsApp, don't be so sure that the receiver can't view it again.
Security researchers with crypto wallet ZenGo recently discovered a bug that allowed WhatsApp users to view "View Once" messages as many times as they liked.
SEE ALSO: Meta updates WhatsApp and Messenger third-party chats in EuropeIn response, WhatsApp patched the issue. But, ZenGo researchers then discovered another exploit in WhatsApp's temporary fix that once again allowed them to access these messages that had supposedly disappeared.
WhatsApp launched its View Once feature in 2021. View Once allows users to send texts, photos, and videos that disappear after the recipient initially accesses them.
Furthermore, to ensure the ephemeral nature of these messages, WhatsApp disables screenshots from being used in the app on View Once messages through iOS and Android. In addition, WhatsApp limits View Once messages to the mobile apps only.
However, in a post last week, ZenGo Security Research Manager Tal Be'ery detailed an exploit that allowed his team to access View Once messages over and over again.
Basically, as Be'ery explains, the View Once messages are only restricted from view in the mobile apps after being viewed. The media continues to exist on WhatsApp's servers. If a user can find the URL for the media file, they can access the message or media file that was supposed to have disappeared.
Be’ery went through the official channels with WhatsApp's parent company Meta and reported the exploit through their bug bounty program on August 26. It was too late though. Be'ery soon found that the bug was already in the wild, as a Chrome extension popped up allowing users to access their already-viewed View Once messages through WhatsApp's web app. ZenGo went public with the exploit and published their report last week on Sept. 9.
It appears the issue has been taken seriously by Meta, at least after Be’ery went public with the exploit. Meta appears to have released a fix for the WhasApp View Once bug on Sept. 12.
According to a new reportby Be'ery, Meta's patch "changes the way View Once media messages are saved to the application’s databases and redact some of the information that enables the media viewing."
The fix appears to have broken the previously mentioned "View Once Photos Bypass" Chrome extension as well.
This Tweet is currently unavailable. It might be loading or has been removed.
But, the fix is "still not enough," according to Be'ery and can be exploited with a workaround. In fact, as Be'ery discovered, the creator of the View Once bypass Chrome extension published an update saying that they've already discovered a new exploit in order to once again access View Once media.
Be'ery also publisheda video showing how View Once messages are still accessible.
Meta told Mashable that it's taking multiple steps to deal with the View Once issue. The initial fix was meant to be temporary as Meta restructures how View Once works in WhatsApp on the web.
"As we said before, we are in the process of rolling out multiple updates to View Once on web," a WhatsApp spokesperson told Mashable. "Those additional updates are forthcoming."
UPDATE: Sep. 18, 2024, 2:04 p.m. EDT This piece has been updated with a statement and additional information from Meta.
Topics Cybersecurity Social Media WhatsApp Meta
PERSONAL ESSAY: Investing in Our Community
'The Last of Us': Does Ellie know Joel is lying at the end?
It's confirmed: 'The Last of Us Part II' will span multiple seasons of TV
How to tell the difference between electric vehicles
JACL: Don’t Compare WWII Incarceration to Sexual Misconduct Allegation
Apple wants the yellow iPhone to fool you...don't let it
Facebook testing bringing Messenger back into main app
Six Nations livestream: How to watch Italy vs Wales from abroad
Sen. Merkley Introduces ‘No Internment Camps’ Legislation
Michelle Yeoh's Oscar win stokes conversations on Asian identity and representation
Janz Challenging Nunes in San Joaquin Valley Congressional Race
Facebook testing bringing Messenger back into main app
Bella Ramsey reacts to 'The Last of Us' finale on Twitter
Salesforce announces ChatGPT for Slack
Regional Connector ‘Halfway There’ Celebration at JANM
'The Last of Us' episode 8 uses a map to reveal something about Joel
YouTube loosens its profanity monetization rules after creator backlash
Wordle today: Here's the answer, hints for March 7
Kizuna Interns Help NVN Gather Resources for Nisei Soldier Exhibit
'The Last of Us' finale finally explains why Ellie is immune
15 gifts true fans of 'The Office' need in their livesEmma Watson coins new term for happily single people and we are 100% on boardGrumpy Cat, Lil Bub, and the death of the good internet eraSex toy designers react to the wild sex toy in 'Watchmen'Trump's White House lawn rant sounds better as a pop punk balladFox News attacks George Kent for... drinking water at the impeachment hearingAOC shares thoughts on 'OK Boomer' while campaigning with Bernie SandersApple Card being investigated by regulators for gender bias'OK Boomer' is the burn that unites generations — even boomersNHL team throws birthday party for 11 Amazon Smart Air Quality Monitor now $55 — Jan. 2024 deals No traffic tickets for self I've used iPhone 15 Pro Max for 2 months: 5 game Public Domain Day 2024 list: 12+ books, movies and songs entering the public domain Congress extends controversial surveillance program for 2024 'The Holdovers' review:?Paul Giamatti and Alexander Payne reunite for curmudgeon comedy Apple Watch import ban timeline: 7 events that got Apple into this mess Microsoft announces 'Copilot key' for easy AI access on Windows PCs Best Dyson deal: Get the Dyson Purifier Hot+Cool Gen 1 HP10 for 17% off Samsung confirms Jan. 17 date for its S24 reveal event
0.2701s , 9861.546875 kb
Copyright © 2025 Powered by 【?? ?? ??】Enter to watch online.WhatsApp 'View Once' messages are far more permanent than you realize (at least for now),Global Perspective Monitoring
