Researchers discover security vulnerability in WhatsApp
3 days ago
- IT security researchers from the University of Vienna and SBA Research identified a privacy weakness in WhatsApp's contact discovery mechanism.
- The flaw allowed the enumeration of 3.5 billion WhatsApp accounts by querying over 100 million phone numbers per hour.
- Exposed data included phone numbers, public keys, timestamps, and public profile information, revealing additional insights like operating system and account age.
- Millions of active WhatsApp accounts were found in countries where the platform is officially banned, such as China, Iran, and Myanmar.
- The study provided population-level insights, including the global distribution of Android (81%) vs. iOS (19%) devices and regional differences in privacy behavior.
- Nearly half of the phone numbers from the 2021 Facebook data leak were still active on WhatsApp, highlighting enduring risks.
- Meta (WhatsApp's parent company) has implemented countermeasures like rate-limiting and stricter profile visibility controls.
- The research was conducted ethically, with all collected data deleted before publication, and no message content was accessed.
- This study is part of a series examining security and privacy in instant messengers, building on previous research on delivery receipts and key management.
- The findings emphasize the need for continuous security evaluation and collaboration between researchers and industry to protect user privacy.
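
The rate-limiting countermeasure mentioned above can be pictured as a per-client budget on distinct phone numbers looked up through contact discovery, so that re-syncing an ordinary address book costs nothing while a sweep over a number range is cut off. This is an added example, not WhatsApp's or Meta's code; the class name, the thresholds (1000 new numbers per hour) and the phone numbers are assumptions constructed for illustration.

```python
import time
from collections import OrderedDict


class DiscoveryLimiter:
    """Caps how many *distinct* phone numbers one client may look up per window."""

    def __init__(self, max_new_numbers=1000, window_s=3600):  # assumed thresholds
        self.max_new = max_new_numbers
        self.window = window_s
        self.seen = {}  # client_id -> OrderedDict{number: time first counted}

    def check(self, client_id, numbers, now=None):
        """Return (allowed, denied) for one contact-discovery batch."""
        now = time.time() if now is None else now
        seen = self.seen.setdefault(client_id, OrderedDict())
        # Drop numbers counted a full window or more ago (oldest entries first).
        while seen and now - next(iter(seen.values())) >= self.window:
            seen.popitem(last=False)
        allowed, denied = [], []
        for number in numbers:
            if number in seen:
                allowed.append(number)      # resync of a known contact is free
            elif len(seen) < self.max_new:
                seen[number] = now          # a new number consumes budget
                allowed.append(number)
            else:
                denied.append(number)       # budget spent: caller must not answer
        return allowed, denied


def demo():
    """Constructed traffic: one ordinary phone and one contiguous range sweep."""
    lim = DiscoveryLimiter()
    book = [f"+1555{n:07d}" for n in range(300)]    # constructed address book
    resync_denied = 0
    for t in (0, 600, 1200):                        # same book synced 3 times
        resync_denied += len(lim.check("phone-a", book, now=t)[1])
    sweep = [f"+1555{n:07d}" for n in range(5000)]  # constructed number range
    ok, denied = lim.check("sweeper", sweep, now=0)
    return resync_denied, len(ok), len(denied)


if __name__ == "__main__":
    print(demo())
```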