WhatsApp’s new biometric authentication feature on iOS has a vulnerability

If you lock WhatsApp with Face ID or Touch ID, someone may be able to get in anyway


Less than a month after WhatsApp added a new security feature to its iOS app, users have found a vulnerability.

The Facebook-owned chat app added a handy ‘lock’ ability to its iOS app that requires Touch ID or Face ID to unlock the app and view chats. It was a welcome change that added convenient security to the app for many users.

Unfortunately, a Reddit user by the name of ‘de_X_ter’ found a vulnerability with this new feature. Anyone can use the iOS ‘Share Sheet’ to open WhatsApp.

Users who set WhatsApp to require biometric authentication immediately don’t appear to be affected by the workaround. However, if you set a time interval (such as a one-minute pause before WhatsApp requires authentication again), the Share Sheet resets it.

To do this, all someone needs to do is open the iOS Share Sheet from anywhere on an iPhone, such as from a photo in the Photos app or even by 3D Touching an app icon on the home screen. Once in the Share Sheet, tap the WhatsApp icon.

When the iPhone transitions to the next screen, WhatsApp doesn’t ask for authentication unless users set it to require authentication ‘Immediately.’

Finally, exit to the home screen and open WhatsApp; it will let you in without verification.

The Redditor notes that sometimes you’ll get a pop-up asking for verification when you return to the home screen, but you can just tap cancel and open the Share Sheet again.

A WhatsApp spokesperson told Reuters that the company was aware of the issue and “a fix will be available shortly.”

Source: Reddit Via: 9to5Mac, Reuters