WhatsApp's End-to-End Encryption (E2EE) protocol design has privacy issues in the multi-device setting that reveal information about users' devices.
The disclosed information may include each device's operating system, which can give attackers information they need about their victims.
WhatsApp exposes private information about the devices its users rely on and gives users no controls or settings to limit the exposure.
By monitoring the leaked data over time, attackers may learn details such as the number of devices a user has and changes to that setup.
Firewalls.com defines Operating System (OS) Fingerprinting as a way to identify different operating systems on networked devices.
WhatsApp-Web-Plus is a popular open-source Chrome Web extension that includes code that helps identify the sender's operating system.
The report recommends that WhatsApp use the same message ID generation logic across all platforms and thus eliminate the fingerprinting opportunity altogether.
Meta, the owner of WhatsApp, did not respond to the reporter's follow-up messages despite being informed of the issue.
This information leakage may be used by attackers to install malware on their victims' devices and gain access to WhatsApp content.
The report suggests that WhatsApp's responsiveness to researchers' reports on privacy issues found in its product is lacking and hopes that this attitude will change.