WhatsApp, privacy problem: the numbers of 300 thousand users end up on Google


New privacy issues for Whatsapp: as reported by Threatpost, computer researcher Athul Jayaram has found that there are over 300,000 user phone numbers on Google due to WhatsApp. In February, the well-known messaging app corrected a similar situation, which allowed anyone to find links on Google to join a group. The problem, once again, therefore represented by the indexing of Google content.

The problem in the Click to Chat function

After conducting some tests, using specific search strings, Jayaram identified the telephone numbers of many people on the web. The cause to be found in the Click to Chat function, a tool used on different sites to allow direct communication on WhatsApp between the company and the user. By adding a WhatsApp icon or a QR code to your online portal, any activity offers customers the opportunity to get in touch quickly using the messaging app. When it happens, the metadata of the Click to Chat function, however, are indexed by the search engine and inside them including the telephone number. Specifically, the URL indicted this: https://wa.me/numeroditelefono. Each contact of WhatsApp, in fact, has its own personal link and if a real number, including the prefix, was inserted in place of the telephone number, it would also be possible to communicate with a person whose contact we have not registered.

The risks

Privacy issues are evident

: once the telephone contacts are obtained, the concrete risk is the continuous reception of spam emails or phishing attempts. Not only that, a hacker, who was able to locate these numbers, would also have access to the various profile pictures of the victims on WhatsApp. With an inverse search, he could find out if those photos are used on social media, thus also discovering the name and surname of the people, from whom the identity could be subtracted. Although the researcher has warned of this problem both WhatsApp and Facebook, through the related bug bounty program, received no reward. According to WhatsApp, Athul Jayaram would have simply provided the urls of people who use the service, knowing that their respective contacts would become public. So, at the moment, it is not clear how and if the known app will intervene, since what reported by the researcher was not considered an error.

June 8, 2020 (change June 8, 2020 | 13:00)


Source link


Please enter your comment!
Please enter your name here