WhatsApp Security Flaw Exposes User Device Information to Hackers

Wednesday, 30 April 2025 12:36

A new security vulnerability in WhatsApp's Multi-Device feature allows hackers to identify the types and number of devices used by users, posing a risk to their privacy and security. Hackers can exploit this flaw to send targeted malware based on the user's device operating system. While the vulnerability hasn't been widely exploited yet, it's advisable for users to exercise caution and avoid clicking on suspicious links or downloading files from unknown sources.

Table of Contents

Hackers Can Exploit WhatsApp's Multi-Device Feature
Meta Acknowledges the Vulnerability but No Timeline for Fix

A critical security flaw has been uncovered in WhatsApp's Multi-Device feature, which allows users to access their account on multiple devices simultaneously. This vulnerability, discovered by security researchers at Zengo, could potentially expose sensitive information about users' devices to hackers, raising concerns about user privacy and security.

Hackers Can Exploit WhatsApp's Multi-Device Feature

The vulnerability stems from WhatsApp's inconsistent message identification codes (message IDs) generated across different platforms. Each operating system, whether it's Windows, MacOS, Android, or iPhone, produces distinct message IDs, allowing hackers to identify the specific device used by a WhatsApp user.

For example, Android smartphones generate message IDs with 32 characters, while iPhones utilize 20 characters with a prefix. WhatsApp Desktop for Windows, on the other hand, uses 18 characters. These unique identifiers provide hackers with valuable clues about a user's device, enabling them to tailor their attacks accordingly.

Read Also: WhatsApp's Disappearing Messages: How to Enhance Your Privacy with Self-Deleting Chats

Tal Be'ery, co-founder of Zengo, explained the implications of this vulnerability: "We found that different WhatsApp implementations on different platforms generate different message IDs, which allows us to identify them and know if a message originated from Windows."

Armed with this information, hackers can devise targeted attacks, potentially sending malware tailored to the specific operating system of a user's device. This creates a significant risk for users who rely on WhatsApp for communication and sharing sensitive information.

Meta Acknowledges the Vulnerability but No Timeline for Fix

Zengo researchers have reported the vulnerability to Meta, the parent company of WhatsApp. As of October 16, 2024, Meta has acknowledged the bug report, but a timeline for a fix has not been disclosed.

A Meta spokesperson stated, "We appreciate the researchers’ submission. We remain focused on protecting our users from various attacks while ensuring we can seamlessly run the services used by over 2 billion people around the world."

While this vulnerability hasn't been widely exploited yet, users are advised to exercise caution and avoid clicking on suspicious links or downloading files from unknown sources. Taking these precautions can help minimize the risk of falling victim to malicious attacks.

This incident highlights the importance of security updates and responsible disclosure practices. As Meta works on a fix, users are urged to stay informed about any new developments and implement appropriate security measures to protect their information.