Robert Heaton, a computer science software expert, has come to the conclusion that by taking advantage of a breach in WhatsApp Web, the desktop variant of the platform, it would be possible to know when a user goes to bed or when he/she wakes up, and what is even more serious: with whom he/she is speaking .
Any WhatsApp user could know who you’re talking to
According to the researcher, anyone, as long as he/she has a computer on hand, could take advantage of the vulnerability and gain sensitive data about any other WhatsApp user – though there are exceptions, of course. The bug resides in the tool “last hour of connection” that appears at the top of each chat window next to the name of the contact in question. It seems that every time this information is updated, the changes are recorded in an internal file of the application, and just access it – from the menu for developers of the browser, for example – to get the last hours of connection.
Taking advantage of this information, Robert Heaton decided to go further, creating a simple extension for Google Chrome based on JavaScript of only four lines of code, which allow to monitor the use of the application of any contact, accessing the aforementioned file every ten-second period. In this way, it would be possible to accurately obtain the patterns of use of the victim, and even get an idea of their sleep cycles if we start from the base that WhatsApp is usually the last app that we consult in our day to day and the first one we see when we wake up in the morning.
But that is not the worst if they know the hours we sleep a day is not too serious. However, if we add the possibility of obtaining the same data from any other user, it is quite simple to know if two contacts of the same “circle” are speaking at a specific time simply by crossing the data of both. As Heaton points out, it would be enough to create a pattern that relates the user’s last connection to that of one of his/her contacts, to discover that they are most likely to be having a WhatsApp conversation when the connection times are simultaneous on several occasions. Logically, when carrying out this espionage, the two users to be monitored must be in the contact list. Unfortunately, since this is the normal operation of the application, and it is not an error as such, it is unlikely that the social network giant Facebook decides to remedy the matter. In addition, since most messaging apps have a late-connection logging system very similar to WhatsApp, this vulnerability is extrapolated to others like Messenger or Telegram. So, what do you think about this? Simply share your views and thoughts in the comment section below.
Δ