WhatsApp bug allows for interception of shared locations

Share this article:

A vulnerability in WhatsApp that can enable an attacker to intercept shared locations has been acknowledged, but not yet fixed.

The bug was identified by researchers with the University of New Haven Cyber Forensics Research & Education Group. A video posted on Sunday demonstrates the vulnerability.

Users of the popular cross-platform messaging app must locate themselves on an in-app version of Google maps before sharing their locations, but because that Google maps location image is retrieved over an unencrypted “tunnel,” an attacker can intercept the data using a man-in-the-middle attack or a rogue access point, according to a Sunday post.

The researchers reported the bug to the WhatsApp security team, according to the post, which adds that a fix will be rolled out on all platforms in the next release.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.