WhatsApp is the most widely used chatting utility around in the world for every smart-phone, users don’t question much about the security for the user’s data and it leads to many kinds of unintended data leaks. Most of the people do believe that due to end-to-end encryption for sides, all the messages and all kind of user’s data transmission is safe with WhatsApp, but the truth is there is no system which is practically flawless.
They are using WhatsApp’s Click on the Chat feature frequently and then your phone number or the WhatsApp number may be showing up in Google search results in some specific cases. There have been thousands of such reported issues happened around in global level and only God knows how many unreported cases here. Athul Jayaram, an independent cybersecurity researcher from India recently reported that around there has been a leak up to 29000 to 300000 via Whatsapp web portal for the WhatsApp users’ mobile numbers in plaintext that can be accessed by any internet user.
The Click to Chat feature lets the customer create QR codes and URL links in this structure – wa.me/<phoneNumber> that let others can use to reach those numbers through WhatsApp without using the smart-phone and without saving the number in the contact list. The feature itself is actually most useful for the people who use WhatsApp for business communication because saving all the numbers in the contact list is just not possible. But using this feature can make your phone number publicly searchable or retrievable on Google search results.
Now, your Phone Number carries for the many identification details of yours and it is an essential thing online banking and many login features, the leakage of your Phone Number in more specific type of criminals can cause grave risk for you. So, need to make sure including thing does not happen to you.
The biggest flaw for the ‘Click to Chat feature’ is that Google’s search engine also adds of their phone number to Google’s search index by indexing the feature’s metadata. According to Athul, who is a cyber-security researcher, the user’s mobile number gets revealed as part of a URL string which goes on to leak the phone numbers for that particular WhatsApp user in a plaintext. Nevertheless, the worst part is that it cannot be revoked.
The researcher also stated that the system actually makes it much simpler for spammers to collect for the user’s mobile number to spam them. Athul further added approximate 300000 phone numbers have been leaked on Google Search in plain text. It all the more disturbing is that Athul was also able to view the profile pictures of WhatsApp users. This can actually make it easier for the hacker to perform a reverse search on an image on Google to track down the user’s location.
On May 23, Athul discovered the bug and contacted Facebook regarding the issue. The company responded that the issue doesn’t qualify for the bug bounty as only Facebook platforms were part for the bounty program. In additionally, the company suggested that it is not that biggest deal as users select to make the information public.
Lorem ipsum viverra feugiat. Pellen tesque libero ut justo, ultrices in ligula. Semper at. Lorem ipsum dolor sit amet elit. Non quae, fugiat nihil ad. Lorem ipsum dolor sit amet. Lorem ipsum init dolor sit, amet elit. Dolor ipsum non velit, culpa! elit ut et.
Lorem ipsum dolor sit amet elit. Velit beatae rem ullam dolore nisi esse quasi, sit amet. Lorem ipsum dolor sit amet elit.