WhatsApp users warned as vulnerability allows access to 3.5bn profiles

"Although users' messages remained encrypted, the researchers say they were able to harvest vast quantities of 'metadata'. This allowed them to discover personal information, including phone numbers, location, type of device, and the age of someone's account. Experts from the University of Vienna and SBA Research say that a security weakness allowed them to exploit WhatsApp's built-in contact discovery mechanism."
"Normally, this lets the app access a user's contact list to find other WhatsApp users by their phone numbers. However, the researchers found that there were no limits on how many contacts this mechanism could search for. By exploiting this flaw, the researchers were able to search through 100 million phone numbers every hour and access billions of user profiles."
A security weakness in WhatsApp's contact discovery mechanism allowed effectively unlimited queries, enabling mass harvesting of metadata from an estimated 3.5 billion profiles. Messages remained end-to-end encrypted, but the exposed metadata included phone numbers, device type, location, and account age, enabling extensive profiling. The flaw permitted scanning at rates of about 100 million phone numbers per hour, which allowed user data to be mapped across 245 countries. Meta implemented mitigations and anti-scraping defenses, and the collected dataset was securely deleted. No evidence of malicious exploitation was reported following the mitigation efforts.
Read at Mail Online