WhatsApp Security Flaw Exposes User Device Information to Hackers

Wednesday, 30 April 2025 12:36

A new security vulnerability in WhatsApp's Multi-Device feature allows hackers to identify the types and number of devices used by users, posing a risk to their privacy and security. Hackers can exploit this flaw to send targeted malware based on the user's device operating system. While the vulnerability hasn't been widely exploited yet, it's advisable for users to exercise caution and avoid clicking on suspicious links or downloading files from unknown sources.

illustration whatsapp security vulnerability © copyright Rahul Shah - Pexels

A critical security flaw has been uncovered in WhatsApp's Multi-Device feature, which allows users to access their account on multiple devices simultaneously. This vulnerability, discovered by security researchers at Zengo, could potentially expose sensitive information about users' devices to hackers, raising concerns about user privacy and security.

Hackers Can Exploit WhatsApp's Multi-Device Feature

The vulnerability stems from WhatsApp's inconsistent message identification codes (message IDs) generated across different platforms. Each operating system, whether it's Windows, MacOS, Android, or iPhone, produces distinct message IDs, allowing hackers to identify the specific device used by a WhatsApp user.

For example, Android smartphones generate message IDs with 32 characters, while iPhones utilize 20 characters with a prefix. WhatsApp Desktop for Windows, on the other hand, uses 18 characters. These unique identifiers provide hackers with valuable clues about a user's device, enabling them to tailor their attacks accordingly.

Tal Be'ery, co-founder of Zengo, explained the implications of this vulnerability: "We found that different WhatsApp implementations on different platforms generate different message IDs, which allows us to identify them and know if a message originated from Windows."

Armed with this information, hackers can devise targeted attacks, potentially sending malware tailored to the specific operating system of a user's device. This creates a significant risk for users who rely on WhatsApp for communication and sharing sensitive information.

Meta Acknowledges the Vulnerability but No Timeline for Fix

Zengo researchers have reported the vulnerability to Meta, the parent company of WhatsApp. As of October 16, 2024, Meta has acknowledged the bug report, but a timeline for a fix has not been disclosed.

A Meta spokesperson stated, "We appreciate the researchers’ submission. We remain focused on protecting our users from various attacks while ensuring we can seamlessly run the services used by over 2 billion people around the world."

While this vulnerability hasn't been widely exploited yet, users are advised to exercise caution and avoid clicking on suspicious links or downloading files from unknown sources. Taking these precautions can help minimize the risk of falling victim to malicious attacks.

This incident highlights the importance of security updates and responsible disclosure practices. As Meta works on a fix, users are urged to stay informed about any new developments and implement appropriate security measures to protect their information.

Related Articles

WhatsApp's Disappearing Messages: How to Enhance Your Privacy with Self-Deleting Chats
Navigating Social Media: Tips for a Safe and Healthy Online Experience
Fix WhatsApp Notification Issues: No More Missed Messages
WhatsApp Adds Likes and Mentions to Status Updates for Enhanced Interaction
WhatsApp's New Edit Message Feature: A Time-Limited Fix for Typos and Mistakes
Gmail Users Beware: AI-Powered Phishing Scam Targets Your Account
WhatsApp's New AI Chatbot: Copilot is Here
Spice Up Your WhatsApp Messages with Text Formatting Tricks
Unmasking the Block: Signs You've Been Blocked on WhatsApp
Fix WhatsApp Download Issues: A Comprehensive Guide
Free Up Space and Boost Your WhatsApp Performance: A Quick Guide to Cleaning Up Channels
Spice Up Your iPhone WhatsApp Chats with Formatting Tricks