Firefox users are vulnerable to WhatsApp file theft!

Last Updated on July 4, 2019 by Vinay Kharayat

Hey folks! We all love chatting. A large number of images and files are sent via WhatsApp every day. These include your private images, documents, etc. How would you feel knowing that WhatsApp attachments are vulnerable to attackers?

This 10-year-old company has managed to gather more than a billion users worldwide. The chat app is now owned by Facebook. But WhatsApp is not as secure as it claims. WhatsApp has failed to provide a completely safe environment for its users. But I think they don't even try.

What is the whole story?

Your WhatsApp attachments (mostly sent images) are unencrypted. An attacker can steal the images you have sent via WhatsApp by sending you an .html file, said French security researcher Elliot Alderson (@fs0c131y). Elliot retweeted a tweet by @evaristegal0is showing how an attacker can steal your attachments just by sending you an HTML file.

@evaristegal0is wrote:

If you use WhatsApp and Firefox (or Tor) on Android, do not open with Firefox the received HTML or SVG files via WhatsApp. An attacker can easily steal your documents sent via WhatsApp, saved in the directory “WhatsApp Documents/Sent”. I hope the Mozilla team will fix soon. Bye.

Here is the link to his tweet. He posted a video demonstrating this!

He also mentioned that Mozilla knows about this issue but didn’t do anything about it.

Firefox, though, claims that this is not a bug but a feature!

How to make sure our data is safe?

Some people on Twitter said that this is a WhatsApp bug, not a Firefox bug. They claim that WhatsApp should keep these files in an encrypted format for more security. To protect your data from attackers, make sure you don't use Firefox to open any file someone sends you. Note that the attack only works if the victim is using Firefox. I mean, how deeply would it hurt to know that nudes you sent are circulating across your university? But you need not worry about it much. Don't use Firefox to open any suspicious file sent by someone. You can use other browsers for those files, as other browsers don't use this filesystem.

I hope you enjoyed reading the post. Please share this post to make others aware of these types of attacks.

