This WhatsApp flaw lets hackers, stalkers "monitor" your activities!
Over 1.2-billion people use WhatsApp everyday around the world; however, it turns out the popular messenger can also be used by stalkers and hackers to spy on people. Despite claims of privacy protection and end-to-end encryption, WhatsApp suffers from a flaw in the harmless "status-tracking" feature (last seen/online status). Anyone with a little technical knowledge can monitor users' activities, including sleeping patterns. Read more!
The new flaw in WhatsApp has been discovered by Rob Heaton, a software engineer. He could exploit the vulnerability by building a Google Chrome extension with just four lines of code. Information collected using the status-tracking trick can also be used by stalkers to correlate two or more users communicating with each other. Heaton found other similar security-related vulnerabilities even in the past.
Heaton stated: "The default for all of the privacy settings is to share everything with everyone, and few people think to tinker with them." However, he noted that "only users who display their own "last seen" are allowed to see the "last seen" of others."
On his website, Rob Heaton said that anyone could track users by their "last seen" and "online status"; hackers can check people's activity anytime. Forget exceptionally skilled hackers, even regular people can keep an eye on the users' activity because of this vulnerability in the app. However, the flaw doesn't let hackers know the contents of WhatsApp messages as they are end-to-end encrypted.
Anyone with your cell phone number -provided for whatever reason- can save it on their device. If the number is linked to your WhatsApp, they can easily monitor how often you stay online and what time you go to sleep or wake up, revealed Heaton.
However, unfortunately, WhatsApp users can do nothing to stop attackers from monitoring their activity. WhatsApp has not stated it is going to fix the issue. They can only disable their "last seen" status completely, or display it only to their contacts, but "online" status cannot be disabled. User data can be collected on a mass level and then sold to third-parties for advertising purposes.
Heaton pointed out WhatsApp users can hide "last seen" but not "online" status. Hackers can update their tools to monitor whether people are "online" rather than relying on "last seen". He added there is "no way at all" for users to defend against such monitoring.