WhatsApp flaw may be exploited to reveal when a user is online or is talking to someone else

A software engineer has discovered a critical vulnerability with popular messaging app WhatsApp that allows anyone to track a user's activity.

A software engineer has discovered a critical vulnerability with popular messaging app WhatsApp that allows anyone to track a user's activity. While the vulnerability cannot be used to access messages, the flaw can be exploited to track sleep activity.

WhatsApp app logo. Reuters.

WhatsApp app logo. Reuters.

Reported by TheNextWeb, anyone with a basic technical understanding of JavaScript and a Chrome extension can exploit the flaw and track an individual's WhatsApp usage.

Robert Heaton, who found the flaw, states on his website that the tracking is done using the user's 'last seen' and 'online' status data. Tracking this data, the hacker can potentially check up on an individual's activity at any given time.

The report also mentions that there is no way a user can get around this hack. WhatsApp does allow the option of selecting whether users want to share their 'last seen' status with your 'contacts only', 'everyone' or 'no one'. However, it does not have a similar mechanism for blocking out users from seeing when a user was 'online'.

This data can also be used to potentially figure whether an individual is talking to another on the messaging app by minutely matching when the two individuals go online.

Android Authority in a report has also mentioned that though this hack might come across as new to WhatsApp users, a similar hack was earlier designed to track similar data on Facebook as well.




also see

science