rheality
WhatsApp Security Bug Unveiled
Feb 05 2015 at 03:06am
According to new reports, there is a security problem in WhatsApp that allows anyone to see users' profile pictures.
First discovered by 17 year old security researcher Indrajeet Bhuyan, the problem stems from the smartphone app not being properly synced with the new WhatsApp web interface. With WhatsApp, users are offered the option keep their photos private with everyone but people they have as contacts. This bug allows people to get around this security option to see the profile photos of strangers. The Web app bug also allows users to see deleted photos. On the smartphone app, these photos get blurred out but they remain intact on the Web app. The Web client launched on January 21st, allowing users to read and reply to messages from their PC, though the Web app had limited compatibility and functions for now. The bug appears to only affect the web version of WhatsApp.
"Sure, it's not the most serious privacy breach that has ever occurred, but that's missing the point. The fact of the matter is that WhatsApp users chose to keep their profile photos private, and their expectation is that WhatsApp will honour their choices and only allow their photos to be viewable by those who the user has approved," explained security researcher Graham Cluley on his blog. Recently, Whatsapp introduced end-to-end encryption for users to further its commitment to security and privacy for its users. WhatsApp is expected to move quickly to patch this bug to preserve its good reputation on security. WhatsApp is also expected to improve its Web client.
Last edited 05 Feb 2015