Friday, January 30, 2015

Another Bug in WhatsApp Web.


                     A famous messaging application owned by Facebook known as #WhatsApp has introduced a new feature known as #WhatsApp Web. Recently a new bug has been discovered by a 17 year old security researcher. He reported two security holes in the WhatsApp web client that in some way exposes its user's privacy.

                      The new version of WhatsApp Web allows the user to view a user's profile image even if the user are not on the contact list of the user. This bug can be exploited if the user has set the profile picture can be viewed by out of contacts people as well. In normal messaging app if the privacy is set to contacts only other user can not see the profile picture.

                        But this does not work for WhatsApp Web. This is one of the security bug prevails in the WhatsApp Web. The second security hole point exist in the photo syncing functionality. He reveals that whenever a user deletes a photo that was sent via the mobile version of WhatsApp application, the photo appears blurred and can not be viewed.

                         However the same photo which has been deleted from mobile WhatsApp version can be accessible by WhatsApp Web as the photo does not get deleted from its web client. WhatsApp is expected to patch this vulnerability soon.

 P.S : The post is to create awareness and not to create  any negative impact.

                       
Posted by at

7 comments:

  1. RajanJanuary 30, 2015 at 6:32 PM

    Useful info..s..pragadeesh...hats off

    ReplyDelete
  2. PrakatheeshJanuary 30, 2015 at 8:22 PM

    Thanks Dude.... :) Don Forget to share it with Friends.....

    ReplyDelete
  3. AnonymousJanuary 31, 2015 at 12:55 AM

    I dont agree with the last point coz I have tested it many times in web client. If you delete a photo via mobile whatsapp and it is clearly updating in web client and stating a message as" u deleted the message" without any blurred image.

    ReplyDelete
  4. AnonymousJanuary 31, 2015 at 12:56 AM

    Please confirm it king
    Its my kind suggestion as a viewer of ur blog

    ReplyDelete
  5. PrakatheeshJanuary 31, 2015 at 7:31 AM

    Nabeel thanks for your query. There s a proof of concept available I ll post it for reference and these bugs has been approved by whatsapp and they are preparing patch for it . Thanks again for ur response

    ReplyDelete
  6. AnonymousJanuary 31, 2015 at 9:46 AM

    thanks bro..keep blogging always

    ReplyDelete
  7. PrakatheeshFebruary 2, 2015 at 8:40 AM

    Yeah sure Nabeel... Thanks for ur encouragement.... :)

    ReplyDelete

Subscribe to: Post Comments (Atom)