WhatsApp has a serious cybersecurity problem and puts our privacy at risk

0
118
whatsapp.jpg
whatsapp.jpg

WhatsApp mobile application

Despite being a key application that we use every day, WhatsApp is far from perfect. We can overlook some functions that your competitors have, aware that sooner or later they will arrive, but when the problems are security, things are much more alarming.

Broadly speaking, what has been discovered is that anyone who knows your WhatsApp number, without having to be your contact, can determine if you are only using the mobile application, or its web or desktop applications, which allows you to get data with which to locate where you may be in every moment.

The serious problem of WhatsApp

It has been discovered that the messaging application used by more than 30 million users in Spain has a serious cybersecurity hole. The discovery is made by Israeli security researcher Tal Be’ery, who has discovered that WhatsApp leaks information from end-to-end encryption identity of devices from victims (mobile device + up to 4 linked devices) to any user, by default, and even if they are blocked and not in contacts.

Cybercrime in the WhatsApp application

 

 

Monitoring the identity information of these devices linked to a user over time can allow potential attackers to collect useful information and valuable about the configuration of its victims’ devices and their changes (device replaced, added or removed).

According to this researcher, currently nothing prevents the most advanced cyber attackers, or any type of stalker can spy to their victims and receive alerts about new devices they possess and new attack opportunities. For example, they would have advanced information about when they are using the mobile version, which could indicate when they are away from home and when they switch to using the web or desktop version, indicating that they are already at home.

SEE ALSO  Who sees my WhatsApp statuses

A risk to privacy

Tal Be’ery’s findings, as he himself has shared on social network X, have been reported to Meta. However, the company run by Mark Zuckerberg does not seem to have been too alert regarding this either. security hole. In fact, his response was that it works as designed.

Twitter user image

Tal Be’ery

@TalBeerySec

5/ I had reported to @Meta @WhatsApp and their response was that it works as designed.
They are right, but their design is wrong.

January 18, 2024 • 15:04

5
1

One of the solutions that this security researcher sees possible would be for at least the application to allow users Do not expose such details to users who are not in your contact list (as they do with other features like profile photo, last time online, etc.). Even consider that, if taken to the extreme, non-contacts should not even know if you have WhatsApp installed.

However, it seems that The company insists that its design and this security breach are not that serious. Meta spokesperson Zade Alsawah told TechCrunch that the company received Be’ery’s research and concluded that the app’s current design is just what users want and expect. “Before, the phone had to be online to receive messages and that presented significant limitations for people. With multiple devices, users can send and receive their personal messages across devices privately with end-to-end encryption, and that’s the direction we’ll continue to take.”Alsawah said in his statement.