WhatsApp bug allows for interception of shared locations

Share this article:

A vulnerability in WhatsApp that can enable an attacker to intercept shared locations has been acknowledged, but not yet fixed.

The bug was identified by researchers with the University of New Haven Cyber Forensics Research & Education Group. A video posted on Sunday demonstrates the vulnerability.

Users of the popular cross-platform messaging app must locate themselves on an in-app version of Google maps before sharing their locations, but because that Google maps location image is retrieved over an unencrypted “tunnel,” an attacker can intercept the data using a man-in-the-middle attack or a rogue access point, according to a Sunday post.

The researchers reported the bug to the WhatsApp security team, according to the post, which adds that a fix will be rolled out on all platforms in the next release.

Share this article:

Sign up to our newsletters

More in News

ECB database hacked, attackers ask for financial compensation

European Central Bank discovered the breach when it received an anonymous email requesting money in exchange for the data.

CyberMaryland conference returns, hosts job fair for military vets

The conference will be anchored by the Maryland Cyber Challenge and Competition, a security job fair, and more.

Andromeda bot spreads Tor-using CTB-Locker ransomware

Andromeda bot spreads Tor-using CTB-Locker ransomware

Kaspersky Lab has observed Andromeda bot being used to deliver CTB-Locker, a new ransomware that hides its command-and-control server on the Tor network.