WhatsApp users’ personal data was in danger of leakage, said an IB researcher from India. According to him, the new “Click to Chat” function is to blame. The uses of which leads to the indexing of phone numbers of users on Google, and, as a result, to their appearance in the search results.
“Your WhatsApp phone number may be leaked to the Internet, and the authorities will not doubt it, do you?”. This is how the publication of cybersecurity researchers from Atul Jayaram in India began in a media forum.
According to Jarayama, he discovered an unpleasant loophole in a popular Messenger. Users from the United States, Britain, India. And almost all other countries in the world have suffered from it.
The vulnerability is in the “click to chat” function, which allows you to have a conversation with WhatsApp users by scanning QR codes. Each account is assigned a unique code. Which is a link in the form of https://wa.me/ in the form of decryption. At the end of the link is the user’s phone number that is not hidden or encrypted.
For example, you can share this link on Twitter so that your friends can quickly chat with you. However, after posting the link once on the social network, Google and other search engines began to index it and display it as output. Moreover, deleting the link will no longer help if it reaches Google, then it will stay there.
Given that attackers can take over these numbers. You need to be prepared to receive calls and messages from potential spammers or advertisers. According to the researchers who discovered the vulnerability. The most reliable solution is to delete the account and assign a new phone number.
Atul Jayaram believes that WhatsApp can avoid this problem by encrypting the user’s phone number instead of storing it as plain text.
Then, the researcher’s request aimed to implement two-factor authentication. In which the device owner himself chose a six-digit PIN code to enhance security.
As discovered by IB experts, this PIN is stored in Messenger’s “sandbox” in an unencrypted form-this area is not accessible by default by other applications. Nonetheless, there are many exceptions when you can still enter the “sandbox” and find out the user password. Therefore, iPhones with jailbreak check functions are vulnerable to attack, and attackers must physically access them. In addition, if the owner has root permissions and can provide him with a wide range of super administrator functions, the PIN code can be found on the Android-based gadget.
Xiaomi Mi Band 5 Design & Feature & Launching & Charging works!
Sony PS5 comes with advanced feature on june 12 with official announcement
Apple iOS 14 added support for call recording function
The wait of users is near to over because of a few days left for…
A short video has surfaced with an alleged PlayStation 5 loading screen and a user…
It is not wrong to say that the first leak of the A14 bionic benchmark…
The EU is currently studying a proposal to reform digital markets and data sharing methods.…
Only a few weeks left for the official announcement of the iPhone 12. The source…
A well-known analyst has already shared a lot of information about the iPhone models that…