This discovery, made by security researcher Tal Be'ery , raises serious questions about privacy and security at WhatsApp and reveals a shocking gap in the protection of personal data.

WhatsApp privacy issue uncovered

Tal Be'ery's discovery shows that attackers can easily gain access to information about the devices used by WhatsApp users.

This data leak affects a wide user base and allows device details such as the number and type of devices used as well as the timing of device changes to be read. What is worrying is that this data access does not require the consent of those affected.

Technical background of the security vulnerability

The security hole lies in the WhatsApp web client.
All an attacker needs to do is know their victim's phone number and add them to their contact list. He can then access a local database using the browser's developer tools. This database stores the identity keys for end-to-end encryption (E2EE). Critically, these keys are exchanged before the first message is sent, which increases the risk of misuse.

Screenshot WhatsApp
Screenshot WhatsApp

Reaction and concerns from Meta

Meta, the parent company of WhatsApp, does not seem to consider the problem to be serious. Be'ery, who shared his observations about Meta's bug bounty program, received the response that it was not an implementation error, but rather a conscious decision in the protocol's design.

This stance by Meta raises serious concerns, especially since there is currently no way for users to protect themselves from such data misuse.

Solutions and recommendations

To address these privacy issues, Be'ery recommends an overhaul of WhatsApp's E2EE protocol. Such a fix could limit the exchange of identity keys to trusted contacts, significantly reducing the risk of unauthorized access.

questions and answers

Question 1: How serious is this security issue?
Answer 1: This security issue is very serious because it potentially affects every WhatsApp user and does not require consent to access device information.

Question 2: What can WhatsApp users do to protect themselves?
Answer 2: There is currently no direct way for users to protect themselves from this specific issue. A general recommendation would be to be vigilant and minimize the number of contacts saved.

Question 3: Does Meta plan to fix this problem?
Answer 3: So far, Meta appears to have no intention of recognizing this issue as a security vulnerability and acting accordingly.

Question 4: How exactly does access to the data work?
Answer 4: Access is achieved via WhatsApp's web client by adding the victim's phone number to the contact list and then accessing a local database via browser developer tools.

Question 5: What information can be accessed?
Answer 5: Information can be obtained about the number and type of WhatsApp devices used by a person as well as when the device was changed.

Conclusion

This incident highlights the need for users to be aware of the potential risks and for companies like Meta to revise their protocols to protect the privacy and security of their users.

Source: Golem , Medium

To stay up to date, we recommend subscribing to Mimikama newsletter Those interested can also take part in our online lectures and workshops . – Stay safe and informed.

You might also be interested in:


If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:

📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.

Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!

* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!


Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )