WhatsApp have a feature that users can keep their profile photo only for their friends,But now the bug is even if they have been set to be viewable to friends only, according to security researchers,it shows to strangers also.
The problem, which was found by 17-year-old security researcher Indrajeet Bhuyan, seems to be a result of the phone app not being properly synced with the new web interface.
There is a setting in WhatsApp is that Users are able to set their profile photo only with people they have as contacts. But the bug allows people to see the profile photos of strangers.
The web app also allows users to see photos that have since been deleted. On the phone app, those photos get blurred out — but on the web they seem to remain clearly forever.
"Sure, it's not the most serious privacy breach that has ever occurred, but that's missing the point," wrote security expert Graham Cluley in a blog post on the bug. "The fact of the matter is that WhatsApp users chose to keep their profile photos private, and their expectation is that WhatsApp will honour their choices and only allow their photos to be viewable by those who the user has approved."
After WhatsApp is bought by facebook,WhatsApp has been committed to ensuring security and privacy for its users, recently introducing end-to-end encryption.
The apps web client was introduced on January 21. While many were excited to finally be able to read and respond to messages from their PC, it also disappointed other users with its limited compatibility and functions.
Bhuyan has found holes in WhatsApp before, previously finding a way of forcing the app to crash on Android phones by sending a small message to users. Hope this Bug is solved as fast as possible and providing a security to lakhs of WhatsApp users.
The problem, which was found by 17-year-old security researcher Indrajeet Bhuyan, seems to be a result of the phone app not being properly synced with the new web interface.
There is a setting in WhatsApp is that Users are able to set their profile photo only with people they have as contacts. But the bug allows people to see the profile photos of strangers.
The web app also allows users to see photos that have since been deleted. On the phone app, those photos get blurred out — but on the web they seem to remain clearly forever.
"Sure, it's not the most serious privacy breach that has ever occurred, but that's missing the point," wrote security expert Graham Cluley in a blog post on the bug. "The fact of the matter is that WhatsApp users chose to keep their profile photos private, and their expectation is that WhatsApp will honour their choices and only allow their photos to be viewable by those who the user has approved."
After WhatsApp is bought by facebook,WhatsApp has been committed to ensuring security and privacy for its users, recently introducing end-to-end encryption.
The apps web client was introduced on January 21. While many were excited to finally be able to read and respond to messages from their PC, it also disappointed other users with its limited compatibility and functions.
Bhuyan has found holes in WhatsApp before, previously finding a way of forcing the app to crash on Android phones by sending a small message to users. Hope this Bug is solved as fast as possible and providing a security to lakhs of WhatsApp users.
0 facebook-blogger:
Post a Comment