New Delhi: Amidst reports that a loophole in WhatsApp could be exploited by scammers, thus posing a threat to your privacy, the company thinks it is not a matter of much concern.
Reports recently showed, a new bug has been discovered in WhatsApp that makes your phone number discoverable on Google search. The research found that the feature called 'Click to Chat' puts mobile numbers at risk.
Meanwhile WhatsApp, in an emailed statement to BGR said, “Our Click to Chat feature, which lets users create a URL with their phone number so that anyone can easily message them, is used widely by small and microbusinesses around the world to connect with their customers. While we appreciate this researcher’s report and value the time that he took to share it with us, it did not qualify for a bounty since it merely contained a search engine index of URLs that WhatsApp users chose to make public. All WhatsApp users, including businesses, can block unwanted messages with the tap of a button.”
All about the bug that exploits the loophole
As per the research, several websites use the Click to Chat facility to start a WhatsApp chat session with those visiting the website. The website and the site visitor can interact without having the need to save the WhatsApp number. It simply asks you to scan through a QR code image created via third-party services.
The users’ phone numbers is visible in plain text in the URL -- https://wa.me/<phone_number> -- that are consequently being used by scammers put together a list of exposed phone numbers.
The even severe threat on your privacy is that not only your number is searchable, the scammers who get hold of your number can actually do reverse-image search using your profile photo to find your other social media accounts.
In November 2019, a weird bug had surfaced that triggered snooping concerns via an MP4 file. If someone sent you an MP4 file on WhatsApp, guard against downloading it as hackers may use a critical vulnerability in the Facebook-owned app to execute snooping attack on both Android and iOS devices.
The specially crafted MP4 file triggers the remote code execution (RCE) and denial of service (DoS) cyber attack.
