WhatsApp - Users can be monitored easily

WhatsApp has a vulnerability that allows the monitoring of users on the platform and the discovery of people who communicate with each other constantly.

WhatsApp, the most popular messaging application on the planet, has a problem that allows hackers to very easily monitor the activity status of users without them knowing what is happening. An expert in computer security discovered the existing vulnerability in the WhatsApp application for iPhone and Android, offering the possibility that anyone can know if a person is active and reads/writes messages or not.

WhatsApp has this vulnerability after it was also discovered in Facebook Messenger last year, so Facebook did not take much care to remove it from all its platforms. Using this vulnerability, a hacker can monitor the activity of various people over time to learn whether they are talking to each other, but cannot see the messages sent and so does not know what they are talking about.

WhatsApp had the vulnerability exploited by the expert using a Chrome extension and only 4 lines of JavaScript code, so the technique itself is not very complex. WhatsApp has this problem because the status of a person's activity on the platform can be checked by anyone, and based on when people log in to and out of the network, someone can tell when users communicate with each other.

WhatsApp - Communications can be intercepted

WhatsApp should, in theory, allow the query of a person's activity status only by his applications, not by anyone else on the Internet. We are talking here about a security measure that WhatsApp does not impose for its platform, and thus any person can be monitored from the outside by anyone, including websites that can detect when certain people are active in the applications.

WhatsApp has not confirmed or denied the vulnerability, and the code required to constantly monitor a person's activity is somewhat more complex, but not impossible to achieve. WhatsApp certainly knows this, and since it chose not to protect a person's activity status information, it certainly has a pretty good reason to do so, even if the whole thing is problematic.

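// Once per second, read the status text shown in the open chat's header
// and log it with a Unix timestamp (assumes jQuery is available as $).
setInterval(function() {
  var lastSeen = $('.pane-header .chat-body .emojitext').last().text();
  console.log(Math.floor(Date.now() / 1000) + ", " + lastSeen);
}, 1000);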

WhatsApp with this vulnerability reminds me of the old websites and programs created specifically to detect whether a person is or is not active on the Yahoo Messenger platform. The principle behind this existing vulnerability in WhatsApp is exactly the same, and from my point of view, I think it is unlikely that WhatsApp will solve it too soon because it has no reason to do so.

WhatsApp wants users on its platform to be monitored by others, otherwise it would not have decided to maintain this vulnerability.
