Spying on someone on WhatsApp is possible: you can know who he talks to and when he sleeps

Bad news for the millions of users who use WhatsApp every day: a new vulnerability discovered in the most used messaging platform in the world , could jeopardize our privacy by revealing sensitive data about the use we give to the application.

Robert Heaton, a software engineer expert in computer security , has concluded that, taking advantage of a gap in the operation of WhatsApp Web, the platform’s desktop variant, it would be possible to know when a user goes to bed or when he wakes up , and what is even more serious: who is he talking to .

Any WhatsApp user could know who you talk to

According to the person in charge of this investigation, any person, as long as he has a computer at hand, could take advantage of the vulnerability and obtain sensitive data about any other WhatsApp user - although there are exceptions, of course. The fault lies in the “last connection time” tool that appears at the top of each chat window next to the name of the contact in question. Apparently, every time this information is updated, the changes are recorded in an internal file of the application, and it is enough to access it - from the browser’s developer menu, for example - to obtain the last connection hours.

Taking advantage of this information, Robert Heaton decided to go further, creating a simple extension for Google Chrome based on JavaScript of only four lines of code, which allows monitoring the use of the application of any contact , accessing the aforementioned file every ten seconds period . In this way, it would be possible to accurately obtain the victim’s usage patterns , and even get an idea of their sleep cycles if we start from the basis that WhatsApp is usually the last app we consult in our day to day, and the first one we see when we wake up in the morning.

But that is not the worst, after all, knowing the hours we sleep a day is not too serious. However, if we add to this the possibility of obtaining this same data from any other user, it is quite simple to know if two contacts of the same “circle” are talking at a specific moment simply by crossing the data of both. As Heaton points out, it would be enough to create a pattern that relates the last connection of the user with that of one of their contacts , to discover that, most likely, both are having a conversation via WhatsApp when the connection hours are simultaneous several times. Logically, when carrying out this espionage , the two users to be monitored must be in the contact list.

Unfortunately, since this is the normal operation of the application, and it is not an error as such, it is unlikely that Facebook will decide to remedy the matter . In addition, since most messaging apps have a last connection logging system very similar to WhatsApp, this vulnerability can be extrapolated to others such as Messenger or Telegram.

Leave a Reply