WhatsApp security flaw lets experts scrape 3.5 billion user numbers


WhatsApp users may need to take extra steps to protect their account information following a potentially concerning discovery. A study by researchers at the University of Vienna revealed the app’s contact-discovery system enabled the collection of extensive WhatsApp user data at an unprecedented scale due to insufficient rate-limiting across global endpoints.

The researchers were able to gather huge amounts of phone numbers, public profile photos, account status text, business tags, and information tied to end-to-end encryption keys.

Read more…
Source: TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Satellite Phone Encryption Calls Can be Cracked in Fractions of a Second

    July 10, 2017

    Security researchers have discovered a new method to decrypt satellite phone communications encrypted with the GMR-2 cipher in “real time” — that too in mere fractions of a second in some cases. The new attack method has been discovered by two Chinese security researchers and is based on previous research by German academicians in 2012, showing ...

  • Medicare data leaks, but who was breached?

    July 4, 2017

    Medicare numbers in Australia became a lot less useful as a proof-of-identity, with the Australian Federal Police investigating how an unknown number of records ended up for sale on a Tor site. The report first surfaced via The Guardian’s Australian site, with journalist Paul Farrell reporting he purchased his own record for around AU$30 on the ...

  • Researchers Crack 1024-bit RSA Encryption in GnuPG Crypto Library

    July 3, 2017

    Security boffins have discovered a critical vulnerability in a GnuPG cryptographic library that allowed the researchers to completely break RSA-1024 and successfully extract the secret RSA key to decrypt data. Gnu Privacy Guard (GnuPG or GPG) is popular open source encryption software used by many operating systems from Linux and FreeBSD to Windows and macOS X. It’s ...

  • Civil rights warriors get green light to challenge UK mass surveillance

    June 30, 2017

    The High Court in London, England, has given Liberty permission to challenge parts of the UK’s Investigatory Powers Act. The act, which was passed into law last year, offers the state unprecedented powers to monitor the population en masse, and to collect and retain bulk personal and communications data. It has been roundly condemned by privacy and ...

  • Virgin Media tells 800,000 users to change passwords over hub hacking risk

    June 23, 2017

    Virgin Media is advising more than 800,000 customers with a specific router to change their password immediately after an investigation found hackers could gain access to it. Virgin Media said the risk to customers with a Super Hub 2 router was small, but advised them to change both their network and router passwords if they were ...

  • Breach at UK.gov’s Cyber Essentials scheme exposes users to phishing attacks

    June 21, 2017

    The operation behind the UK government’s Cyber Essentials scheme has suffered a breach exposing the email addresses of registered consultancies, it told them today. The scheme’s badges are required by all suppliers bidding for “certain sensitive and personal information-handling contracts”. Companies were notified of the problem, which leaves them at greater risk of phishing attack, through ...