🌋 WhatsApp Security Faces Another Blow
posted 23 May 2024
A vulnerability in WhatsApp Messenger allows fraudulent groups or government organizations to track who users are messaging and their approximate locations, though the messages themselves remain encrypted. This was disclosed by developers in an internal security report.
The vulnerability exploits classic traffic analysis, and with extensive data collection, a detailed map of user interactions can be created. However, addressing the issue could impair the app's functionality and user convenience, prompting Meta, WhatsApp's parent company, to downplay its seriousness.
One employee mentioned that the management prefers to avoid taking action unless the situation becomes critical or attracts significant public attention. Regardless, WhatsApp Security staff indicate that they cannot resolve this issue alone and require assistance from other departments.
Some Meta employees have raised alarms about the vulnerability's potential use by military forces to track enemy combatants, potentially leading to targeted strikes. This issue could also pose a threat to cryptocurrency investors, who could be tracked and targeted for extortion.
The vulnerability exploits classic traffic analysis, and with extensive data collection, a detailed map of user interactions can be created. However, addressing the issue could impair the app's functionality and user convenience, prompting Meta, WhatsApp's parent company, to downplay its seriousness.
WhatsApp has no backdoors and we have no evidence of vulnerabilities in how WhatsApp works,said Meta spokesperson Christina LoNigro.
One employee mentioned that the management prefers to avoid taking action unless the situation becomes critical or attracts significant public attention. Regardless, WhatsApp Security staff indicate that they cannot resolve this issue alone and require assistance from other departments.
Some Meta employees have raised alarms about the vulnerability's potential use by military forces to track enemy combatants, potentially leading to targeted strikes. This issue could also pose a threat to cryptocurrency investors, who could be tracked and targeted for extortion.