This WhatsApp Exploit Lets You Track Your Friends And Strangers

New WhatsApp Exploit Lets You Track Your Friends And Strangers

As we all know WhatsApp Messenger is a freeware and cross-platform instant messaging service for smartphones. It uses the Internet to make voice calls, one to one video calls; send text messages, images, GIFs, videos, documents, user location, audio files, phone contacts, and voice notes using standard cellular mobile numbers.

It is one of the best messaging apps in the market but many were left in shock when the new Exploit was discovered by a CS researcher. It was Bad news for the millions of users who use WhatsApp every day as this new vulnerability is discovered on the most used messaging platform in the world that could potentially endanger our privacy by revealing sensitive data about how we use the application.

According to the researcher, anyone, as long as has a computer in hand, could take advantage of this vulnerability and gain access to sensitive data about any other WhatsApp user. The bug resides in the tool “last hour of connection” that appears at the top of each chat window.

It seems that every time this information is updated, the changes are recorded in an internal file of the WhatsApp, and just access it from the menu for developers of the browser.

Taking advantage of this information, Researcher decided to go further, creating a simple extension for Google Chrome based on JavaScript of only four lines of code, which allowed monitoring the use of the application of any contact, accessing the aforementioned file every ten-second period.

But that is not the worst Scenario if they know the hours we sleep a day is not too serious. However, if we add the possibility of obtaining the same data from any other user, it is quite simple to know if two contacts of the same “circle” are speaking at a specific time simply by crossing the data of both. With just this information leak they could go on further tracking our movements and become aware of our deeds and processes we perform all day.

As they points out, it would be enough to create a pattern that relates the user’s last connection to that of one of his/her contacts, to discover that they are most likely to be having a WhatsApp conversation when the connection times are simultaneous on several occasions. Logically, when carrying out this espionage, the two users to be monitored must be in the contact list.

Unfortunately, since this is the normal operation of the application, and it is not an error as such, it is unlikely that the social network giant Facebook decides to remedy the matter. In addition, since most messaging apps have a late-connection logging system very similar to WhatsApp, this vulnerability is extrapolated to others like Messenger or Telegram.