WhatsApp security bug shows private pictures to strangers
Problem seems to be a consequence of new web client not syncing properly with app
Your support helps us to tell the story
As your White House correspondent, I ask the tough questions and seek the answers that matter.
Your support enables me to be in the room, pressing for transparency and accountability. Without your contributions, we wouldn't have the resources to challenge those in power.
Your donation makes it possible for us to keep doing this important work, keeping you informed every step of the way to the November election
Andrew Feinberg
White House Correspondent
A security problem in WhatsApp means that anyone can see users’ profile photos, even if they have been set to be viewable to friends only, according to security researchers.
The problem, which was found by 17-year-old security researcher Indrajeet Bhuyan, seems to be a result of the phone app not being properly synced with the new web interface.
Users are able to set WhatsApp so that it only shares their profile photo with people they have as contacts. But the bug allows people to get around that and see the profile photos of strangers.
The web app also allows users to see photos that have since been deleted. On the phone app, those photos get blurred out — but on the web they seem to remain clearly forever.
“Sure, it’s not the most serious privacy breach that has ever occurred, but that’s missing the point,” wrote security expert Graham Cluley in a blog post on the bug. “The fact of the matter is that WhatsApp users chose to keep their profile photos private, and their expectation is that WhatsApp will honour their choices and only allow their photos to be viewable by those who the user has approved.”
WhatsApp has been committed to ensuring security and privacy for its users, recently introducing end-to-end encryption.
The apps web client was introduced on January 21. While many were excited to finally be able to read and respond to messages from their PC, it also disappointed other users with its limited compatibility and functions.
Bhuyan has found holes in WhatsApp before, previously finding a way of forcing the app to crash on Android phones by sending a small message to users.
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments