Researchers warn that the highly popular mobile application WhatsApp cannot be trusted blindly.
WhatsApp has been one of the most popular mobile applications when it comes to exchanging messages for free. However, a group of budding security researchers at the University of New Haven in Connecticut, USA allege that WhatsApp could not be trusted with the user’s data.
The application, used extensively on mobile phones and tablets, handles quite a lot of traffic, which also implies that it deals with numerous personally identifiable information (PII).
The security researchers have found that when you share your location through WhatsApp, its software “called out” to Google Maps …without using Secure HTTP, better known as HTTPS”.
This implies that cyber sniffers, who keep prying the network traffic, can exactly pinpoint your location once you share it with other WhatsApp users.
The researchers demonstrated the flaw in the application with the help of NetworkMiner, a network sniffing tool running on Windows, which easily intercepted their geological coordinates and pinpointed the location on the Google Maps.
Video demonstration of how it is done:
WhatsApp has been trapped into privacy blunders earlier as well. The most infamous ones being usage of non secret information to
construct secret encryption keys and re-use of the one-time key material for cryptographic technique.
Although the company CEO, Jan Koum, swears that ‘user’s privacy is coded into our DNA,’ the outcome rarely matches the talks.
The company has been censured by Canadian and Dutch authorities for violating its nation’s privacy rules.
WhatsApp was recently acquired by Facebook for a whopping USD 19 billion. The silver lining, however, of this whole episode is not that bad.
WhatsApp has responded positively to the flaw discovered by the New Haven researchers and have assured that it will be fixed in the next software release. Until then, stay safe without sharing your location!!!