WhatsApp loophole lets anyone bypass ‘View Once’ feature as experts slam app for ‘false sense of privacy’

A LOOPHOLE in WhatsApp has let hackers bypass the app’s View Once feature, meaning private images and chats have been shared without consent.

The View Once feature, introduced in 2022, means certain media and messages cannot be reopened, screenshot, or screen recorded.

The content sent under the View Once feature will automatically disappear from chats after being opened for the first time.

“Once you send a view once photo, video, or voice message, you won’t be able to view it again,” WhatsApp explains in a support page on its website.

“Any photos or videos you send won’t be saved to the recipient’s Photos or Gallery.

“The recipient also can’t take a screenshot of anything you send using view once.”

However, cybersecurity experts at the Zengo X Research Team claim that Meta has been “neglectful” with the feature.

The team found that cyber crooks have been able to save and share copies of View Once messages in hacked WhatsApp accounts, Bleeping Computer first reported.

“We had responsibly disclosed our findings to Meta, but when we realised the issue is already exploited in the wild, we decided to make it public to protect the privacy of WhatsApp’s users,” Zengo’s CTO Tal Be’ery said in a new report.

WhatsApp, which is used by two billion people worldwide, can be a magnet for cyber crooks who want a large pool of users to exploit.

Researchers discovered that hackers can turn off the View Once feature after the content has been sent to the recipient.

This allows the content to be downloaded, forwarded and shared.

The cyber flaw has existed for more than a year, although it has only just been publicly reported, according to Be’ery.

“Privacy is critical for Instant Messaging. WhatsApp acknowledged that by supporting End-to-End Encryption (E2EE) for its users’ conversations by default,” Be’ery concluded.

“However, the only thing that is worse than no privacy, is a false sense of privacy in which users are led to believe some forms of communication are private when in fact they are not.

“Currently, WhatsApp’s View once is a blunt form of false privacy and should either be thoroughly fixed or abandoned.”

The Sun has contacted WhatsApp for comment.

But according to Bleeping Computer, parent company Meta is rolling out a fix to WhatsApp’s web app.

It’s unclear whether the vulnerability still exists in the iOS and Android app.