WhatsApp “Online” Status Feature Could be Used to Monitor the Users’ Programs

By

Software engineer Robert Theaton analysed WhatsApp’s online status feature and he came to the conclusion that it represents a vulnerability that could be exploited in order to track the users’ activity. He detailed everything in a blog post and he explained how this feature can be used to monitor when a user is online. While messages are encrypted and safe, it appears that the online status might be a weakness.

How does it work?

Theaton explained that he used four lines of Javascript code in order to begin tracking the last seen settings for a user. This way he was able to create a pattern. Anyone can track you if they have your mobile number saved and if you have connected that number to a WhatsApp account. It can be any stranger, since the online status appears to everyone, no matter if you have their number saved or not. Therefore, Theaton showed that you can be easily monitored if someone gets your phone number.

The blog post also shows that no one is able to protect himself from this because you cannot hide when you are online. You may switch your settings so that no one can see the last time you were seen, by limiting the privacy for “Last Seen”, but everyone will see when you are “online”.

Using this data someone can easily guess your entire program based on the hours when you are online. Theaton also showed us that it is also possible to track two users to see if they are online at the same time. This might require coding that is a bit more difficult, but it should not be a problem for anyone who knows the basics of coding. It appears that Facebook Messenger’s status has the same problem.

You may also like