Science

This WhatsApp flaw lets hackers, stalkers "monitor" your activities!

12 Oct 2017 | By Ramya Patelkhana
Privacy breach flaw discovered in WhatsApp

Over 1.2-billion people use WhatsApp everyday around the world; however, it turns out the popular messenger can also be used by stalkers and hackers to spy on people.

Despite claims of privacy protection and end-to-end encryption, WhatsApp suffers from a flaw in the harmless "status-tracking" feature (last seen/online status).

Anyone with a little technical knowledge can monitor users' activities, including sleeping patterns.

Read more!

In context: Privacy breach flaw discovered in WhatsApp

12 Oct 2017This WhatsApp flaw lets hackers, stalkers "monitor" your activities!

Privacy FlawFlaw allows users to be snooped on

The new flaw in WhatsApp has been discovered by Rob Heaton, a software engineer. He could exploit the vulnerability by building a Google Chrome extension with just four lines of code.

Information collected using the status-tracking trick can also be used by stalkers to correlate two or more users communicating with each other.

Heaton found other similar security-related vulnerabilities even in the past.

WhatsApp seems to encourage openness in other ways: Heaton

Heaton stated: "The default for all of the privacy settings is to share everything with everyone, and few people think to tinker with them." However, he noted that "only users who display their own "last seen" are allowed to see the "last seen" of others."
Can determine WhatsApp users' app usage patterns quite accurately: Heaton

DetailsCan determine WhatsApp users' app usage patterns quite accurately: Heaton

On his website, Rob Heaton said that anyone could track users by their "last seen" and "online status"; hackers can check people's activity anytime.

Forget exceptionally skilled hackers, even regular people can keep an eye on the users' activity because of this vulnerability in the app.

However, the flaw doesn't let hackers know the contents of WhatsApp messages as they are end-to-end encrypted.

More and more services require your phone number nowadays

Anyone with your cell phone number -provided for whatever reason- can save it on their device. If the number is linked to your WhatsApp, they can easily monitor how often you stay online and what time you go to sleep or wake up, revealed Heaton.

No SolutionThere's nothing users can do to stop stalkers

However, unfortunately, WhatsApp users can do nothing to stop attackers from monitoring their activity. WhatsApp has not stated it is going to fix the issue.

They can only disable their "last seen" status completely, or display it only to their contacts, but "online" status cannot be disabled.

User data can be collected on a mass level and then sold to third-parties for advertising purposes.

No way to defend against monitoring: Heaton

Heaton pointed out WhatsApp users can hide "last seen" but not "online" status. Hackers can update their tools to monitor whether people are "online" rather than relying on "last seen". He added there is "no way at all" for users to defend against such monitoring.