WhatsApp exploit can reveal when users are messaging or sleeping

WhatsApp exploit can reveal when users are messaging or sleeping
Back in July, WhatsApp announced that it had 1 billion daily active users, all of them protected from prying eyes thanks to its end-to-end encryption. That means that no one, not even WhatsApp, can break the code and read the content of messages sent by the messaging app's subscribers. However, a software engineer named Robert Heaton has come across a vulnerability that allows outsiders to figure out when two WhatsApp users are most likely to be messaging each other, and when they are asleep.

Using WhatsApp online status and last seen features can allow someone to analyze the figures and get a good idea of a user's sleeping patterns. The last seen settings allow everyone to have access to the data, restrict them to be seen by contacts only, or allow them to be hidden to everyone. By default, this information is available for anyone to see. The online status information cannot be hidden or restricted in any way.

Heaton revealed how this information can be used. First, he would build a Chrome extension allowing him to monitor when his contacts are online, using the WhatsApp web application. It takes just four lines of Javascript to do this. Taking that information and comparing it to the activity of another contact, Heaton could figure out if and when two of his contacts were communicating with each other. The same vulnerability can be exploited on Facebook.

Knowing the sleeping patterns of messaging app users is the kind of information that online advertisers would treasure, so this vulnerability could, in theory, help launch a money making venture for someone.

source: RobertHeaton via TNW



1. PhoneInQuestion

Posts: 496; Member since: Aug 20, 2017

Well now that doesn't sound rape-y at all!

2. thedizzle

Posts: 204; Member since: Oct 05, 2017

steve steveington lol

3. TheOracle1

Posts: 2340; Member since: May 04, 2015

This is old news. There was an app in the playstore that used to do this a few years ago.

4. raghu67

Posts: 32; Member since: Aug 23, 2012

is this really a vulnerability...? is it really a news.. if u guys don't have anything to report, just let the same old articles be there, don't post just for the sake of posting.. can't we just check the last seen times manually & compare...

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless