Related news

It is well known that on the internet you have to be very careful, behind an email, an attractive advertisement or a publication on social networks, a computer attack can hide. Among the contacts of WhatsApp —the most used application in Spain— you can have a feeling of false confidence, however, security risks have been reported through this application on countless occasions. Now it has been discovered a bug recently in the status section that allows knowing the location of a user.

There are different ways to get the most out of the application to get to know information from other users, to read new messages sent by other users without them knowing, and you can even find out who is gossiping about your statuses or gossiping about other user’s statuses without they know. But this time, it is a hole in the states that allow knowing where is a user in a subtle and accurate way.

The states came to WhatsApp, inspired by Instagram Stories, a social network from the same company, which in turn were an imitation of Snapchat. Social networks always copying each other to follow the wave of the moment. However, what should be a way to temporarily share trivia with friends, can be a trap if used with bad intentions.

Gaspar Cano warns of this risk in a blog article the evil side of Chema Alonso, Spanish hacker and member of the Executive Committee of Telefónica. Cano states that with the use of links in the states it is possible to geolocate a contact at a certain time, an invasion of privacy for which users have not been warned.

For those who have never used them, since they are not one of the most popular functions of WhatsApp, the statuses can be videos and images with elements such as text or links that are shared through the user’s profile image. They have an expiration date of 24 hours and each one can adjust which contacts they allow to access that post.

cheat link

Anyone can share Internet content among their contacts through the state. Surely he will also do it on Instagram and on other networks such as Twitter. The first problem is whether the person sharing the content take advantage of technology to spy on your contacts.

Geolocation data

the evil side omicron

This part requires some computer knowledge that not everyone has, but it demonstrates once again the dangers that can lie behind a simple link. By redirecting contacts to a website other than WhatsApp, the hacker creates what is known as a MySQL table for the purpose of store personal information such as the geolocation of the IP addresses of visitors. That is, a database on the IP address of those who enter the web from WhatsApp.

With those IP addresses, they know the location of the person. Other details can also be collected, such as the Internet provider the person uses, whether a mobile network or a fixed connection is used, “exposing the browsing privacy of contacts in a way that is neither authorized nor requested,” says Cano.

WhatsApp gives clues

If this already involves an invasion of people’s privacy, the security flaw grows with the help of the messaging application itself. The difference with other social platforms is that WhatsApp provides much more information about interactions with that state.

Comparative WhatsApp and Instagram

Omicrono – The side of evil omicron

After sharing the status, its owner then receives a report with all the contacts who have seen it and clicked on the link. The most worrying thing is that indicates the exact time of that interactionand of course, the phone and name of the person, something that Instagram does not do, as can be seen in the previous comparison.

By joining both databases, the hacker can know who entered the link at what time, and by extension, know where that person was at that precise moment. It may seem like a very complicated resource for anyone to implement, but it is certainly a possibility that must be taken into account when using this WhatsApp feature.

security recommendations

Gaspar Cano considers that the WhatsApp status access log should be less “detailed”, and make it more similar to that of Instagram“. For an app that protects its messages with end-to-end encryption, giving so much detail about what other users are doing seems counterintuitive. However, remember that this it also happens in chats when one person can tell if another is online or typing and if they have read a message or listened to an audio.

On the part of the users, certain measures can be taken, such as disable read receipts, a very simple trick to prevent the person who has published the status from knowing that you have consulted it. Another option is to use a VPN that protects browsing data, including geolocation, and prevents websites from knowing that information.

Above all, it is important to always check which link is being accessed, in the WhatsApp states you can see the full link, on Instagram it is more camouflaged with a text, but reviewing it can give certain clues as to whether it is a secure website or not, something which is also recommended for the use of QR codes, so popular in recent years.

You may also like…

Follow the topics that interest you