Three billion WhatsApp users are at risk - an expert has developed a tool that could spy on everyone, and you would never know about it

  • hoshikarakitaridia@lemmy.world
    2 days ago

    IT hobbyist here. This guy knows his stuff. Dangerous attacks are the ones that are very low effort with medium to high reward. This attack is high effort and low reward. This is one of these trivia things that you will virtually never see in the wild.

    • pcouy@lemmy.pierre-couy.fr
      2 days ago

      This is not high effort. Starting from an open source WhatsApp client library, reproducing the attacks described in the research paper is trivial. There are even a few public GitHub repos implementing PoCs of this.

      Whether the reward should be considered high or low is ultimately subjective. What is objectively verifiable, however, is that an attacker can continuously (and silently) monitor several aspects of a target’s environment, including:

      • the number of devices linked to the target’s account, along with fingerprints that allow differentiation between operating systems and browsers
      • the locked or unlocked state of the target’s phone
      • whether the phone is connected via Wi-Fi or a mobile network
      • whether the WhatsApp application or browser tab is running in the foreground or background.

      In addition, an attacker could deliberately drain the target’s phone battery and consume their mobile data allowance.

    • Tinidril@midwest.social
      2 days ago

      High effort is not a great thing to count on. Once these things are discovered there are all sorts of clever (or not so clever) ways to automate the effort away. Especially now with AI.