Vulnerability discovered in WhatsApp Web: all users affected
from David Wurm 
on May 15, 2017, 20:10 am | Write a comment
Security researchers have found a new vulnerability in the WhatsApp Web API. It is thus possible for hackers to access third-party user data. And unlimited.
Security researcher Loran Kloeze has uncovered a critical loophole in WhatsApp's web interface. This enables hackers to query unlimited telephone numbers in the database. He also has the gap here in one Blog post recorded.
Creation of infinite user databases possible
For this experiment, Kloeze has developed a special script that runs through several numbers. If a match is found, the corresponding phone number, information and profile picture of the user are displayed. In this case, the IT expert defines a filter of phone numbers that the script searches through. This is done using only the WhatsApp developer API. This means that a user's online times could be recorded for months - without them noticing.
This is the script, the vulnerability in WhatsApp Web. This can be used to read out third-party user data. (Image: Loran Kloetze/ Blog)
As a spokesperson told Motherboard, the problem is already being worked on. In addition, abuse will be monitored behind the scenes and unusual requests will be blocked. If you don't want to be intercepted, you can hide all data in WhatsApp's privacy settings. Here, the setting for each point must be set to "My contacts". The hacker could then theoretically only intercept data from his contacts.