A researcher found that phone numbers tied to WhatsApp accounts are indexed publicly on Google Search, creating what he claims is a “privacy issue” for users.
UPDATE A researcher is warning that a WhatsApp feature called “Click to Chat” puts users’ mobile phone numbers at risk — by allowing Google Search to index them for anyone to find. But WhatsApp owner Facebook says it is no big deal and that the search results only reveal what the users have chosen to make public anyway.
Bug-bounty hunter Athul Jayaram, who discovered the issue, calls the phone numbers “leaked” and characterizes the situation as a security bug that puts WhatsApp users’ privacy at risk.
Click to Chat offers websites an easy way to initiate a WhatsApp chat session with website visitors. It works by associating a Quick Response (QR) code image (created via third-party services) with a site owner’s WhatsApp mobile phone number. That allows a visitor to scan the site’s QR code or click on a URL to initiate a WhatsApp chat session – without the visitor having to dial the number itself. That visitor, however, still gains access to the phone number once the call is initiated.
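For site owners who want to know where their own pages publish a number this way, the following is an added example, not code from the article or from WhatsApp. It assumes the commonly used Click to Chat link forms `wa.me/<number>` and `api.whatsapp.com/send?phone=<number>`, which the article does not quote, and it reports whether the page carries a robots `noindex` directive.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample page; the numbers use the fictional 555-01xx range.
SAMPLE_HTML = """<html><head><title>Contact us</title></head><body>
<a href="https://wa.me/15555550100?text=Hi">Chat on WhatsApp</a>
<a href="https://api.whatsapp.com/send?phone=15555550123">Sales chat</a>
<a href="https://example.com/15555550199">Not a chat link</a>
</body></html>"""

def number_from_link(href):
    """Return the phone number embedded in a Click to Chat URL, or None."""
    url = urlsplit(href)
    host = (url.hostname or "").lower()
    if host == "wa.me":  # assumed short-link form: number is the path
        candidate = url.path.strip("/")
    elif host == "api.whatsapp.com" and url.path.rstrip("/") == "/send":
        candidate = parse_qs(url.query).get("phone", [""])[0]  # assumed long form
    else:
        return None
    digits = re.sub(r"\D", "", candidate)
    # E.164 numbers have at most 15 digits; very short strings are not numbers.
    return digits if 7 <= len(digits) <= 15 else None

class ClickToChatAudit(HTMLParser):
    """Collect Click to Chat numbers and the robots meta directive of one page."""
    def __init__(self):
        super().__init__()
        self.numbers = []
        self.noindex = False

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "meta" and (attr.get("name") or "").lower() == "robots":
            self.noindex = "noindex" in (attr.get("content") or "").lower()
        elif tag == "a" and attr.get("href"):
            number = number_from_link(attr["href"])
            if number:
                self.numbers.append(number)

def audit(html):
    """Summarise which numbers a page exposes and whether it may be indexed."""
    parser = ClickToChatAudit()
    parser.feed(html)
    return {"numbers": sorted(set(parser.numbers)), "indexable": not parser.noindex}

if __name__ == "__main__":
    print(audit(SAMPLE_HTML))
```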
QR code usage is soaring in the pandemic — but malicious versions aren't something that most people think about.
What to watch out for, and how to protect yourself from malicious versions of these mobile shortcuts.
Add a contact listing: Hackers can add a new contact listing on the user's phone and use it to launch a spear phishing or other personalized attack.
Initiate a phone call: By triggering a call to the scammer, this type of exploit can expose the phone number to a bad actor.
The lawsuit, filed against Google by Arizona's Attorney General, alleges that the tech giant uses “deceptive and unfair conduct” to obtain users’ location data.
Attackers could have exploited various flaws in OkCupid's mobile app and webpage to steal victims' sensitive data and even send messages out from their profiles.