Information security specialist Shitesh Sachan told The Hacker News about a problem he recently discovered in the WhatsApp messenger: it does not delete files sent to iPhone users.
The problem is very similar to a bug that researcher Dhiraj Mishra recently discovered on Telegram.So, Sachan noticed that even if a WhatsApp user deletes a file that was accidentally sent to someone using the “Delete for Everyone” function, this does not work for iPhone users, and the multimedia files still remain on the device. Although the application at the same time assures that the message was successfully deleted.
‘’Delete for Everyone’ feature is intended to unsend mistakenly sent inappropriate messages—including text, photos and videos—from the recipient’s phone, or from the phones of all members of a group. Well, we’ve all been there, but what’s more unfortunate is that the ‘Delete for Everyone’ feature WhatsApp introduced two years ago contains an unpatched privacy bug, leaving its users with false sense of privacy”, — report in The Hacker News.
In the case of WhatsApp, the function is only available for 1 hour, 8 minutes and 16 seconds after sending the message you want to delete, which is good and fair. However, the fact is that any multimedia files received through WhatsApp are saved by default to Camera Roll on iPhone or Android Media Gallery, if it comes to Android. Although this can be changed in the settings, few people care about this, and this is precisely the root of the problem.
Read also: Bug in iOS 13 allows bypassing the lock screen and open the address book
So, when using the “Delete at all” function, files saved in Camera Roll iPhone are not deleted, while a similar action on an Android device will also delete files from the gallery too.
Though if Telegram developers recently made efforts to eliminate almost the same vulnerability in their messenger and paid a fee to the researcher for it, then WhatsApp developers answered Sachan that they did not see the problem:
“The opportunities provided by the Delete at all function are designed to delete messages, but there is no guarantee that media files (or messages) will be permanently deleted; Our implementation focuses on the presence of the message directly on WhatsApp”, – representatives of the messenger said.
User Review
( votes)
