ExtremeHacking
Today : | Time : | safemode : ON
> / Main Website / Cyber Surakha Abhiyan / Hackers Charity / Linkedin / facebook / twitter /
Name Author Perms Com Modified Label

17-Year-Old Found Bugs in WhatsApp Web and Mobile App Unknown rwxr-xr-x 0 2/02/2015

Filename 17-Year-Old Found Bugs in WhatsApp Web and Mobile App
Permission rw-r--r--
Author Unknown
Date and Time 2/02/2015
Label
Action
./Arizona Team

Last week, the most popular mobile messaging application WhatsApp finally arrived on the web — dubbed WhatsApp Web, but unfortunately it needs some improvements in its web version.

An independent 17-year-old security researcher Indrajeet Bhuyan reported two security holes in the WhatsApp web client that in some way exposes its users’ privacy. Bhuyan called the first hole, WhatsApp photo privacy bug and the other WhatsApp Web Photo Sync Bug.



























 Bhuyan is the same security researcher who reported us the vulnerability in the widely popular mobile messaging app which allowed anyone to remotely crash WhatsApp by sending a specially crafted message of just 2kb in size, resulting in the loss of conversations.

Whatsapp Photo Privacy Bug

According to him, the new version of WhatsApp Web allows us to view a user’s profile image even if we are not on the contact list of that user. Even if the user has set the profile image privacy setting to "Contacts Only," the profile picture can be viewed by out of contacts people as well.

Basically, if we set the profile image privacy to Contacts Only, only the people in our contact list are able to view our profile picture, and nobody else. But, this is not in the case of WhatsApp Web

WhatsApp Web Photo Sync Bug

The second security hole points out the WhatsApp Web Photo Syncing functionality. Bhuyan noticed that whenever a user deletes a photo that was sent via the mobile version of WhatsApp application, the photo appears blurred and can’t be viewed.

However, the same photo, which has already been deleted by the user from mobile WhatsApp version, can be accessible by Whatsapp Web as the photo does not get deleted from its web client, revealing the fact that mobile and web clients of the service are not synced properly.

This is no surprise, as WhatsApp Web introduced just a couple of days before and these small security and implementation flaws could be expected at this time, as well as some other bugs could also be revealed in the near future.

However, the company will surely fix the issues and will definitely make its users’ messaging experience secure. As partnered with Open Whisper Systems, WhatsApp recently made end-to-end encryption a default feature on Android platform, stepping a way forward for the online privacy of its users around the world.

www.arizonainfotech.com
CEHv8 CHFIv8 ECSAv8 ENSA CCNA CCNA SECURITY MCITP RHCE CHECKPOINT ASA FIREWALL VMWARE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking, IT Security Training Information Security Traning Courses in Pune, ceh certification in pune, Ethical Hacking Course in Pune
 

Cyber Suraksha Abhiyan | Sadik Shaikh © 2015 Sadik Shaikh | CEH V9 | ETHICAL HACKING Course Training Institute in India-Pune
Extreme Hacking Template design by Sadik Shaikh | Cyber Suraksha Abhiyan