WhatsApp users are advised to take action following a recent security concern. The messaging platform faced scrutiny due to a vulnerability that could potentially allow hackers to exploit personal data by sending malicious files directly to users’ devices. The issue, initially brought to light by Google’s Project Zero team, arises from the app’s automatic download feature, which saves media files without user consent.
Reports suggest that cybercriminals may have been creating fake group chats to entice unsuspecting individuals. Once a user accepts an invitation to join the group, infected files are automatically downloaded to their devices, often without their knowledge.
While the extent of the impact remains uncertain, the discovery has raised alarms among the app’s vast user base. In response to the flaw, WhatsApp swiftly rolled out a patch to mitigate the risk of new infections. However, this incident underscores the inherent danger of enabling automatic downloads on devices.
To safeguard their privacy and security, users are encouraged to update their WhatsApp to the latest version and adjust their settings promptly. One recommended precaution, as advised by cybersecurity experts at Malwarebytes, is to disable Automatic Downloads or activate WhatsApp’s Advanced Privacy Mode. By doing so, users can prevent media files from being automatically saved to their devices.
To modify the download settings, users can access WhatsApp on their Android devices, tap the three-dot menu in the top-right corner, navigate to Settings, then proceed to Storage and data. Within the Media auto-download section, users can deselect all media types – Photos, Audio, Videos, Documents for mobile data, Wi-Fi, and roaming connections, ensuring that no media is automatically downloaded.
Additionally, experts suggest limiting group membership permissions to mitigate risks. Users can manage group settings by adjusting privacy preferences to allow only trusted contacts to add them to groups, reducing the likelihood of falling victim to such attacks. For professional users, maintaining stringent control over group memberships and restricting access to known contacts and approved administrators is also advised.