cybersecurity

5159 readers

42 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub

Researchers discover security vulnerability in WhatsApp— Worldwide enumeration of accounts was possible due to a —now closed— privacy vulnerability (www.univie.ac.at)

submitted 11 hours ago* (last edited 11 hours ago) by Mod@reddthat.com to c/cybersecurity@infosec.pub

1 comments fedilink hide all child comments

IT-Security Researchers from the University of Vienna and SBA Research identified and responsibly disclosed a large-scale privacy weakness in WhatsApp's contact discovery mechanism that allowed the enumeration of 3.5 billion accounts. In collaboration with the researchers, Meta has since addressed and mitigated the issue. The study underscores the importance of continuous, independent security research on widely used communication platforms and highlights the risks associated with the centralization of instant messaging services. The preprint of the study has now been published, and the results will be presented in 2026 at the Network and Distributed System Security (NDSS) Symposium.

top 1 comments

sorted by: hot top controversial new old

[–] adespoton@lemmy.ca 1 points 7 hours ago

What I find odd here is that I predicted exactly this problem back when WhatsApp first started using the protocol. I encouraged people to use Signal instead of WhatsApp because WhatsApp moved discovery outside the security model, where it would just require one “mistake” and all that data could be harvested. Plus, of course, once Meta bought them, they had unfettered access to this data.