If you are using WhatsApp and feel secure in the thought that your privacy mode is set to offline, well, you might have to think again.
A serious flaw has been detected in the cross-platform mobile messaging app. It allows a user's online status to be tracked, along with changes to their profile pictures, privacy settings or status messages, regardless of their privacy settings.
The web-based tool called ‘WhatsSpy Public’ has been designed by Maikel Zweerink, a student of Dutch University. The tool is a web application that tracks every move of whichever user one wishes to follow. It is set up as a ‘Proof of Concept’ that WhatsApp is broken in terms of privacy.
Once the application is set up and running, it keeps track of the followed users' activities: Online/Offline status, Profile pictures, Privacy settings and Status messages. The tool requires a SIM card or a phone number not already used with WhatsApp, and some other resources.
In a blog post on his website, he pointed out that his software tool has revealed that even a hacker without a WhatsApp account can monitor the activities of a WhatsApp user, even if he or she has turned on the privacy settings.
The developer himself stated, “I made this project for you to realise how broken the privacy options actually are. It just started out as experimenting with WhatsApp to build a bot, but I was stunned when I realised someone could abuse this ‘online’ feature of WhatsApp to track anyone.”
He also added that, “I could just say this in like a blog article that the privacy options are broken, but you wouldn’t realise the impact it actually has.”
This isn’t the first time there has been an issue regarding WhatsApp’s privacy. A few days ago, a report pointed out that a new security bug found in WhatsApp lets anyone see a user’s profile photos even if they have set them to ‘Contacts-only’. The 17-year-old security researcher Indrajeet Bhuyan discovered this problem.
The problem occurred due to the new web version. It is said to be a result of the phone app not being synced properly with the new web interface.