The vulnerability was identified by Tal Be’ery, the CTO of the crypto wallet company Zengo, and the Zengo X Research Team. According to their findings, the “View Once” feature is technically no different from regular media messages, except for a flag that marks the media as “View Once.” This flag can be easily toggled off, allowing the media to be downloaded, forwarded, and shared.
The researchers discovered that the “View Once” feature is not as secure as it appears. By toggling off the “View Once” flag, the media can be downloaded, forwarded, and shared, defeating the purpose of the feature. This vulnerability could be exploited by attackers to access and distribute sensitive media that was intended to be viewed only once.
The report highlights the importance of implementing robust security measures to ensure the privacy and security of user data, even in features designed to be ephemeral. The researchers recommend that developers and platform owners thoroughly review the implementation of such features and address any potential vulnerabilities to protect user privacy and prevent the misuse of sensitive information.
