• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

 | 

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

 | 

U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog

 | 

Microsoft issues emergency patches for SharePoint zero-days exploited in "ToolShell" attacks

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Security
  • Intelligence could exploit Whatsapp bug to track users location

Intelligence could exploit Whatsapp bug to track users location

Pierluigi Paganini April 16, 2014

A group of researchers discovered a vulnerability in WhatsApp “Location Share” feature which exposes user’s location to the attackers.

Security issues related to WhatsApp application are not a novelty, so popular application are continuously targeted by hackers and security experts that search for vulnerabilities to exploit. Early 2014 experts at Praetorian have been conducting the Project Neptune to assess the security for designing and maintenance of mobile apps, including WhatsApp.

The researchers  discovered different security issues in the way WhatApp implements SSL, the principal one is the lack of enforcing the “certificate pinning“ which exposed users to the risk of man-in-the-middle attacks, but the company after different alert fixed the flaws.

A last bug discovered in WhatsApp app exposes user’s location to attackers, in particular under analysis there is the WhatsApp “Location Share” feature.

According to Researchers at UNH Cyber Forensics Research & Education Group, the location sharing feature implemented by WhatsApp  could expose user’s location to attackers and Intelligence Agencies.

As illustrated by colleagues at The Hacker News in order to share their location on WhatsApp, users need to first locate themselves on Google Map within the app window.

WhatsApp location hacking

Once the user has selected the position, WhatsApp fetches it and takes an image from the Google Map service, the thumbnail is then shared as the message icon. In this phase the user’s location is exposed because WhatsApp downloads the image through an unencrypted channel from Google allowing an attacker to capture it with a Man-in-the-middle attack.

Below the video Proof of Concept:

“We were not able to intercept the image until the message was sent from the phone, indicating that the download of the image did not occur until the message was actually sent.” researcher said.

In order to perform the MITM attack, the bad actor must be in the same network, this means the attacker must be around its victim, probably already knowing his location … but if an attacker is able to conduct a MITM attack on a large scale, the scenario changes.

 “such short-range dependency makes this vulnerability of very low severity level for normal attackers, but spy agencies like NSA or GCHQ, those are capable to perform large scale MITM attacks, could exploit this flaw to trace users’ locationnation-wide.” explained in a comment by Mohit Kumar.

The researchers have promptly reported the vulnerability to WhatsApp which has fixed it in the latest beta version available on company official website, soon the fix will be deployed also for the official release.

Waiting for the fix, it is suggested to avoid sharing location using WhatsApp when connected to an un-trusted network.

Pierluigi Paganini

(Security Affairs –  WhatsApp, mobile)


facebook linkedin twitter

Certificate Pinning GCHQ Hacking man-in-the-middle attacks NSA The Hacker News WhatsApp

you might also like

Pierluigi Paganini July 25, 2025
Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access
Read more
Pierluigi Paganini July 25, 2025
Mitel patches critical MiVoice MX-ONE Auth bypass flaw
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

    Intelligence / July 25, 2025

    Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

    Security / July 25, 2025

    Koske, a new AI-Generated Linux malware appears in the threat landscape

    Malware / July 25, 2025

    Mitel patches critical MiVoice MX-ONE Auth bypass flaw

    Security / July 25, 2025

    Coyote malware is first-ever malware abusing Windows UI Automation

    Malware / July 24, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT