WhatsApp security flaw lets experts scrape 3.5 billion user numbers


WhatsApp users may need to take extra steps to protect their account information following a potentially concerning discovery. A study by researchers at the University of Vienna revealed the app’s contact-discovery system enabled the collection of extensive WhatsApp user data at an unprecedented scale due to insufficient rate-limiting across global endpoints.

The researchers were able to gather huge amounts of phone numbers, public profile photos, account status text, business tags, and information tied to end-to-end encryption keys.

Read more…
Source: TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • UK keeps up its legal losing streak over mass surveillance

    January 30, 2018

    Yet another defeat in the courts for the UK government’s use of mass surveillance as an indiscriminate and, as it frequently turns out, unlawful investigatory tool. Today the UK’s Court of Appeal handed down its ruling in a long running challenge to the 2014 Data Retention and Investigatory Powers Act (DRIPA) — judging that the regime’s bulk collection ...

  • Cisco Patches Critical VPN Vulnerability

    January 30, 2018

    Cisco Systems released a patch Monday to fix a critical security vulnerability in its Secure Sockets Layer VPN solution called Adaptive Security Appliance. The vulnerability, according to a Cisco Security Advisory, could allow an unauthenticated and remote attacker to execute remote code on affected devices. The vulnerability impacts nearly a dozen Cisco products ranging from 3000 Series ...

  • GDPR: Deadline looms but businesses still aren’t ready

    January 25, 2018

    Under half of businesses are aware of upcoming data protection laws they’ll be subject to in just four months’ time — or what the new legislation means for how information security is handled. A lack of awareness about the forthcoming introduction of General Data Protection Regulation (GDPR) — a new set of rules from the European Union which ...

  • Nearly Half of the Norway Population Exposed in HealthCare Data Breach

    January 21, 2018

    Cybercriminals have stolen a massive trove of Norway’s healthcare data in a recent data breach, which likely impacts more than half of the nation’s population. An unknown hacker or group of hackers managed to breach the systems of Health South-East Regional Health Authority (RHF) and reportedly stolen personal info and health records of some 2.9 million ...

  • A Secret Hacking Group Is Using Android Malware to Spy on Thousands of People in 21 Countries, Research Finds

    January 19, 2018

    A shadowy hacking campaign has been operating out of a Beirut building owned by the Lebanese General Directorate of General Security for the last six years, stealing text messages, call logs, and files from journalists, military members, corporations, and other targets in 21 countries, according to a joint report released today by cybersecurity firm Lookout and digital ...

  • Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware

    January 17, 2018

    Security researchers have spotted a new malware campaign in the wild that spreads an advanced botnet malware by leveraging at least three recently disclosed vulnerabilities in Microsoft Office. Dubbed Zyklon, the fully-featured malware has resurfaced after almost two years and primarily found targeting telecommunications, insurance and financial services. Active since early 2016, Zyklon is an HTTP botnet malware ...