Earlier in the month, WhatsApp had rolled out biometric authentication feature for iOS users of the messenger app. However, it is now being reported that the implementation of biometric authentication using Face ID or Touch ID has a bug that grants access to anyone without verification. The privacy screen lock bypass bug was first reported on Reddit. WhatsApp has acknowledged the problem and will soon be coming out with an update to fix the same.
According to the Reddit post , the bug occurs if the user selects any option other than "Immediately" inside WhatsApp Settings -> Account -> Privacy -> Screen Lock. The other options include 'After 1 minute', 'After 15 minutes', and 'After 1 hour'. The bug could allow any user to bypass the iPhone's Face ID or Touch ID authentication by using iPhones share feature used to send files over WhatsApp.
Bypass Screen Lock bug -- IOS! https://t.co/K3zFar5VBk- WABetaInfo (@WABetaInfo) February 19, 2019
If the user has set verification requirement as 'immediately' then they would have to provide Touch ID or Face ID input each time they open WhatsApp. The authentication system fails when the user selects a particular interval option other than 'immediately'.
Confirming the bug, a WhatsApp spokesperson said, "We are aware of the issue and a fix will be available shortly. In the meantime, we recommend that people set the screen lock option to 'immediately."
WhatsApp had expected the messenger to become more secure that they previously were with the addition of Face ID and Touch ID support. However, issues with securtity have refused to die down for the Facebook owned messenger.
Last month a user discovered a privacy flaw with Apple's FaceTime group video chat software, which allowed iPhone users to see and hear others before they accept a video call. Apple rolled out an iOS update to fix the issue.
Edited By: Udit Verma