Vulnerability discovered in WhatsApp Web: all users affected
Security researchers have found a new vulnerability in the WhatsApp Web API. It allows hackers to access third-party user data, and without limit.
Security researcher Loran Kloeze has uncovered a critical loophole in WhatsApp's web interface. It enables hackers to query an unlimited number of telephone numbers in the database. He has also documented the gap in a blog post.
Creation of infinite user databases possible
Kloeze developed a script specifically for this experiment that runs through several numbers. In the event of a hit, the associated phone number, information and profile picture of the user are displayed. The IT expert defines a filter of phone numbers for the script to search through. This is done solely by using the WhatsApp Developer API. This means that a user's online times could be recorded for months without them noticing.
As a spokesman for Motherboard now reports, the problem is already being worked on. In addition, abuse will be monitored behind the scenes and unusual queries will be blocked. If you don't want your data to be collected this way, you can hide all of it in WhatsApp's privacy settings. Each item there must be set to "My contacts". A hacker could then theoretically only access the data of their own contacts.