use the statuses to know the exact location of any contact

There is no impregnable software and all, even the most advanced, are susceptible to errors. The turn was this time for WhatsApp: a bug was discovered in the status section that allows know the location of any user.

And while there are multiple tricks to get the exact position in which a certain contact is on the list, a hole in the states allows you to know exactly where is the person you want to follow.

In this way, what should be an entertaining way to temporarily share curiosities with friends can become a threat if used with bad intentions.

The statuses came to WhatsApp, inspired by Instagram Stories, a social network from the same company and although they are not one of the most popular functions within the messenger, they hide a trap for the curious.

 

Photo: EFE

Statuses can be videos and images with elements like text or links that are shared through the user’s profile picture. They have an expiration date of 24 hours and each one can adjust which contacts they allow access to that publication.

The problem is when someone, out of curiosity or boredom, decides to see the content of someone who intentionally added tracking links using tables in MySQL for those who enter to see it.

Thus, after sharing a misleading state, the owner then receive a report with all the contacts who have visited it and who have clicked on the link. In addition to the exact time of that interaction and the name of the personsomething that Instagram does not do.

The hacker can know where that person was at that precise moment. It may seem like a very complicated resource for anyone to implement, but it is certainly a possibility that must be taken into account when using this WhatsApp feature.

Other methods of espionage

The dangers in video calls. Photo Juano Tesone. The dangers in video calls. Photo Juano Tesone.

When the connection is made to establish WhatsApp video calls, communication with the recipient’s IP is activated and that is when confidential information would be leaked.

That an attacker accesses the public IP of WhatsApp users also implies that he could obtain control over their movements, that is, it would have the possibility to track its location since it would have access to that location history.

But the most serious thing is that having knowledge of the users’ IPs could lead to attacks on the computer – be it mobile or desktop – if the criminal were to exploit the vulnerability.

Tips

To avoid deception and cheating, WhatsApp provides some security solutions to narrow the risk gap.

  • Choose who can see the privacy of the statuses: as its name indicates, it allows you to select which people will be able to view what is uploaded to the statuses.
  • Most of the threats arrive through fraudulent links and harmful files. We must be very careful with these messages and not trust everything we receive, even if it comes from a trusted contact.
  • The advantage of WhatsApp Web is to use the account in any browser, but the problem is that anyone could access it later, in case of using a public computer or someone else’s.
  • Turn on 2-Step Verification and provide an email address in case you forget your PIN.
  • Never share your 2-Step Verification PIN or registration code with others.
  • Be careful who has physical access to the phone. If someone physically accesses, they can use the WhatsApp account without permission.

By Editor

Leave a Reply