New vulnerability reveals WhatsApp privacy is ‘broken’

Updated on 12-Feb-2015
HIGHLIGHTS

The tool can track any change of profile pictures, privacy settings or statuses in WhatsApp.

Another major vulnerability in the popular messaging application WhatsApp has been revealed. The latest vulnerability has been disclosed by Maikel Zweerink, who previously developed a web tool called WhatsSpy that can track the moves of any WhatsApp user.

In a detailed blog post titled "WhatsApp privacy is broken", Maikel Zweerink reveals WhatsSpy Public, a web-oriented application that can track every move of whoever you like to follow. He claims the app is set up as a “Proof of Concept that Whatsapp is broken” in terms of privacy.

According to Maikel Zweerink, the app can track the online and offline status of a user even when the privacy options are set to nobody, as well as profile pictures, privacy settings and status messages. The tool features a simple GUI to view a user's timeline and can compare it with that of other tracked users.

“The privacy options in Whatsapp act like they give you full control over your status in Whatsapp meanwhile they only affect a very limited scope. Sure, the lastseen, profile picture and status options do work, but probably not as the user intended it to. The ability for a complete stranger to follow your in-app status is pretty creepy and might be abused already. This is not a "hack" or "exploit" but it's broken by design,” adds Maikel Zweerink.

The latest vulnerability comes days after a security bug in WhatsApp revealed private pictures to strangers. The bug allows people to see the profile photos of strangers, even after they have set the security settings to friends only. The web app also allows users to see photos that they would have deleted, while on the phone app, those photos get blurred out.

Example of what WhatsSpy public can reveal about you: