WhatsApp, the largest text messaging network on the planet, is used by over 1 billion monthly users, but it also hides some dangers that affect them. One of them was recently revealed and it suggests that certain ways of using WhatsApp put us in a vulnerable position in front of people who want to harm us by using the platform.
More specifically, an application developer from Poland discovered that WhatsApp has a vulnerability that allows us to find out our location by simply sharing a link. We are talking here about a vulnerability in the security system of the messages sent by WhatsApp users, the traffic can be analyzed by any person who has access to the network to which we are connected.
Using this vulnerability, any ill-intentioned person can discover our location at the moment we share sent to us using WhatsApp. Although the WhatsApp application was intended to protect users, sharing a link reveals our IP address, along with many other information about our device and not only that.
WhatsApp - has a serious danger hidden in a vulnerability of the application
This vulnerability of the WhatsApp application can only be exploited when the user manually writes the link to be shared with a contact. If that link is copied and inserted into a WhatsApp conversation, then it will not affect the user, the vulnerability cannot be exploited in this way, here the users are protected by the application.
WhatsApp has a system that preloads the url address completely written by a user in the writing field in the application, but only if it has the protocol http:// or https:// written before the domain. At that moment, the application will preload the respective page, and then its server is accessed, the user's data being disclosed to the owner of the server that the WhatsApp application accesses.
"WhatsApp's encrypted messenger service may not be as secure as once thought, according to a new finding. A computer programmer discovered a flaw in the app that could be revealing the location of its users after they've sent a weblink using the service. He found that a facility designed to ensure that URL links sent via the app are not malicious was exposing IP addresses, the personal identifier assigned to each internet connected device, as well as other information."
WhatsApp has integrated the function to protect users who know in advance what they are accessing in order not to be directed to websites with malware. Unfortunately, this system of WhatsApp can also be used to retrieve information about our terminals, so it remains to be seen whether WhatsApp will solve the problem or not, in subsequent updates.
