WhatsApp security bug shows private pictures to strangers

Problem seems to be a consequence of new web client not syncing properly with app

Andrew Griffin
Monday 02 February 2015 14:03 GMT

A security problem in WhatsApp means that anyone can see users’ profile photos, even if they have been set to be viewable to friends only, according to security researchers.

The problem, which was found by 17-year-old security researcher Indrajeet Bhuyan, seems to be a result of the phone app not being properly synced with the new web interface.

Users are able to set WhatsApp so that it only shares their profile photo with people they have as contacts. But the bug allows people to get around that and see the profile photos of strangers.

The web app also allows users to see photos that have since been deleted. On the phone app, those photos get blurred out, but on the web they seem to remain clear forever.

“Sure, it’s not the most serious privacy breach that has ever occurred, but that’s missing the point,” wrote security expert Graham Cluley in a blog post on the bug. “The fact of the matter is that WhatsApp users chose to keep their profile photos private, and their expectation is that WhatsApp will honour their choices and only allow their photos to be viewable by those who the user has approved.”

WhatsApp has been committed to ensuring security and privacy for its users, recently introducing end-to-end encryption.

The app's web client was introduced on January 21. While many were excited to finally be able to read and respond to messages from their PC, it also disappointed other users with its limited compatibility and functions.

Bhuyan has found holes in WhatsApp before, previously finding a way of forcing the app to crash on Android phones by sending a small message to users.
