WhatsApp added the ability to use Face ID or Touch ID to access chats earlier this month. The feature was added to prevent sensitive content from being visible directly on the lockscreen without any authentication in place.
A Reddit user discovered an issue with the authentication methods that could potentially allow anyone to open WhatsApp on iOS devices without proper authentication. If users do not have any authentication method in place for iOS Share Sheet, anyone can log in to the messaging app without requiring Face ID or Touch ID.
The security flaw works only if users select any time interval for the Share Sheets app without any biometric authentication in place. Users simply need to trigger the Share Sheet from any app (e.g., Photos) and click on WhatsApp when the list of compatible apps shows up. iOS automatically transitions users to the next screen without prompting Face ID or Touch ID verification. Users can now simply exit the menu and open the messaging app from the Share Sheet again to open the messaging app.
The issue only affects who do not have any kind of biometric protection in place on their iOS devices but have Touch ID or Face ID enabled for WhatsApp. The security flaw lies in WhatsApp and not iOS. Facebook has acknowledged the issue in its popular messaging app and has promised a quick fix as soon as possible.
A WhatsApp spokesperson stated “We are aware of the issue and a fix will be available shortly. In the meantime, we recommend that people set the screen lock option to ‘immediately.” Users who do not want to be affected by the security flaw should have biometric protection enabled on iOS to prevent unwarranted access until a patch is deployed to fix the issue.
What do you think about the security flaw affecting WhatsApp users? Let us know in the comments below and share your thoughts on our socials, on Facebook and Twitter.