A security bug in latest version of WhatsApp, which allows iPhone user to bypass the Face ID or Touch ID lock.
What is the Bug?
WhatsApp’s new privacy feature allows iPhone users to require Touch ID or Face ID, fingerprint or facial recognition, to open the app but users were able to bypass those log-in methods by using the iPhone’s “share” function to send files over WhatsApp.
According to reddit post conversation,
“This works if an option other than “Immediately” has been set inside WhatsApp Settings -> Account -> Privacy -> Screen Lock, when either “Require Face ID” or “Require Touch ID” has been toggled on depending on the iOS device.
How it works?
- Get to the iOS Share Sheet through any method (Here’s an example of iOS Share Sheet opened through Photos app)
- Click on the WhatsApp icon in the iOS Share Sheet.
- While transitioning to the next screen, you observe that no FaceID or TouchID verification takes place if an option other than “Immediately” was set previously. Now just exit out to the iOS Home Screen. (If in some cases, it asks for FaceID or TouchID verification, just cancel it and try clicking on WhatsApp icon in the iOS Share Sheet again).
- Try to open WhatsApp and voila, it simply lets you inside WhatsApp without FaceID or TouchID verification.”
“This bug does not occur if ‘Immediately’ has been set inside WhatsApp Screen Lock Settings,” the reddit user added.
“We are aware of the issue and a fix will be available shortly. In the meantime, we recommend that people set the screen lock option to ‘immediately,’” a WhatsApp spokesperson said by email to reuters.
WhatsApp Security team have fixed the Bug and rolled out with new 2.19.22 version. If you are iPhone user, then you need to update WhatsApp immediately.
Last month a user discovered a privacy flaw with Apple’s FaceTime group video chat software, which allowed iPhone users to hear or see before you even pick up your call. After, Apple have fixed the security vulnerabilities including Zero Days and Facetime Bug in its latest update.