WhatsApp exploit can give a glimpse of your sleep, chatting habits

WhatsApp, despite its claims to privacy and end-to-end encryption, has never really recovered from the scandals that plagued it, especially after its acquisition by Facebook. This recently discovered vulnerability doesn't help it either, especially when it can, amusingly or not, be used to establish infidelity. All that from an exploit that allows others to see your online and last seen status, which can eventually be correlated to your sleeping patterns and who you might be chatting with.

Before sounding the alarm, it should be noted that the exploit is actually very superficial on some level. It can't give others access to your messages and other information that you have chosen to withhold from the public. The vulnerability also seems to work only if the targets are already in your contacts list, meaning whoever is spying on you is someone you probably already know.

What the exploit does reveal, in just 4 lines of JavaScript code wrapped in a Google Chrome browser extension, is your online status. If you didn't configure your settings right, it will also reveal your "Last seen" time. And yes, this might seem like very mundane information, but, to an enterprising mind, it could be a data treasure trove begging to be mined.

The vulnerability was publicized by Robert Heaton, famous for his other disclosures of privacy vulnerabilities involving social networks like Facebook and Tinder. The scenario he paints is almost comical but nonetheless plausible. By gathering data on contacts' online and, if lucky, last seen statuses over time, one can establish not just usage patterns but even sleep patterns. This is especially relevant considering how users these days usually only go offline when they sleep (if at all). The data can even be used to correlate who talks to whom, though it's a less exact science.

This issue stems from the rather simple fact that users' online status is publicly available to any other contact. While there is some privacy control over the last seen status, there is nothing similar for plain online/offline states, making it almost too easy for any of your contacts to start stalking you on WhatsApp.

SOURCE: Robert Heaton