WhatsApp’s Big Security Hole Allows WhatsSpy Web-Based App To Track Users

If you think your WhatsApp account and activity are secure, well think again. A serious vulnerability lets your status be tracked as well as any changes you're making to profile photos, status messages and settings -- even if you've been diligent about adjusting privacy settings.

You can thank a Dutch university student for not only alerting the world to the security flaw, but for seeking it out, literally.

Maikel Zweerink created an app aimed at proving just how weak WhatsApp is in terms of user security, and his program WhatsSpy Public apparently works pretty well when it comes to tracking user activity. Those using a SIM card or a non-WhatsApp phone number and a few other little tricks can track whomever they wish on the social networking platform.

"I made this project for you to realize how broken the privacy options actually are. It just started out as experimenting with WhatsApp to build a bot, but I was stunned when I realized someone could abuse this 'online' feature of WhatsApp to track anyone," Zweerink wrote in a blog post discussing his app. "I could just say this in like a blog article that the privacy options are broken, but you wouldn't realize the impact it actually has."

According to Zweerink, the web app is a proof of concept that the social network is "broken" when it comes to user privacy. Once you have it up and running and even if a user has privacy options set to "nobody," the program lets you track status, check out profile photos, mess with privacy settings and see status messages.

The social networking site, owned by Facebook, boasts more than 700 million users. The security flaw comes just months after WhatsApp introduced improvements to its security measures.

As Tech Times reported in November 2014, the site announced a new feature aimed at securing user privacy and activity. The end-to-end encryption feature from Open Whisper Systems promised to prevent anyone, except a sender and receiver, from viewing messages.

The security effort was not applauded by law enforcement and federal agencies such as the FBI, which claimed it would inhibit investigations requiring insight from WhatsApp user activity.

At the time cryptography expert Matthew Green of Johns Hopkins University Information Security Institute described the end-to-end encryption for WhatsApp as "very significant."

"Now there are people who don't even know what encryption is who will still get the benefit of a strong encryption protocol on all their messages," Green said.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics