Bad news for the millions of users who use WhatsApp every day: a new vulnerability discovered in the most used messaging platform in the world , could jeopardize our privacy by revealing sensitive data about the use we give to the application.
Robert Heaton, a software engineer expert in computer security , has concluded that, taking advantage of a gap in the operation of WhatsApp Web, the platform’s desktop variant, it would be possible to know when a user goes to bed or when he wakes up , and what is even more serious: who is he talking to .
Any WhatsApp user could know who you talk to
According to the person in charge of this investigation, any person, as long as he has a computer at hand, could take advantage of the vulnerability and obtain sensitive data about any other WhatsApp user – although there are exceptions, of course. The fault lies in the “last connection time” tool that appears at the top of each chat window next to the name of the contact in question. Apparently, every time this information is updated, the changes are recorded in an internal file of the application, and it is enough to access it – from the browser’s developer menu, for example – to obtain the last connection hours.
But that is not the worst, after all, knowing the hours we sleep a day is not too serious. However, if we add to this the possibility of obtaining this same data from any other user, it is quite simple to know if two contacts of the same “circle” are talking at a specific moment simply by crossing the data of both. As Heaton points out, it would be enough to create a pattern that relates the last connection of the user with that of one of their contacts , to discover that, most likely, both are having a conversation via WhatsApp when the connection hours are simultaneous several times. Logically, when carrying out this espionage , the two users to be monitored must be in the contact list.
Unfortunately, since this is the normal operation of the application, and it is not an error as such, it is unlikely that Facebook will decide to remedy the matter . In addition, since most messaging apps have a last connection logging system very similar to WhatsApp, this vulnerability can be extrapolated to others such as Messenger or Telegram.