A researcher, Tal Be’ery, has demonstrated a fourth method to bypass WhatsApp’s View Once feature by using a modified client to capture media before it disappears. Meta says it will not patch the issue because it involves unofficial clients outside its security model and bug bounty scope, and Be’ery suggests DRM as a possible mitigation.
Key points
- Tal Be’ery discovered a fourth View Once bypass that uses a modified WhatsApp client.
- The exploit allows downloading View Once media before it vanishes and can be scaled via browser extensions and WhatsApp Web.
- Meta declined to patch the issue, arguing modified clients and client spoofing are outside its security model and bug bounty scope.
- Be’ery criticized Meta’s inconsistent assessment, noting previous modified-client bypasses were patched and sometimes rewarded.
- Be’ery recommends DRM to prevent redistribution, while Meta contends DRM is unsuitable for WhatsApp’s threat model and may not stop analog recording.
Read More: https://www.securityweek.com/researcher-discovers-4th-whatsapp-view-once-bypass-meta-wont-patch/