WhatsApp, Threema, Signal Vulnerability Can Expose User's Location: Report

KEY POINTSThree popular instant messaging apps have a vulnerabilityThis can be exploited and allow actors to locate usersThis is alarming especially for apps claiming they are secure and private

There is a way malicious actors can exploit to expose the location of secure instant messenger apps like WhatsApp, Threea and Signal, according to a new report.

Digital privacy advocacy group Restore Privacy reported a vulnerability among secure instant messenger apps that can pinpoint users' location with 80% accuracy depending on the success rate of a "specially crafted timing attack." The report noted that "the trick lies in measuring the time taken for the attacker to receive the message delivery status notification on a message sent to the target."

It explained, "because mobile internet networks and IM app server infrastructure have specific physical characteristics that result in standard signal pathways, these notifications have predictable delays based on the user's position." Based on the report, if one sends a message and determines the amount of time it takes until the receiver gets the said message, the timing will determine the distance the message traveled from the sender to the receiver.

The timing attack, according to the report, can give away the recipient's location by country, region, district, city, and if they are using WiFi- or mobile data. Researchers believe that this vulnerability can be exploited against secure instant messenger apps like WhatsApp, Threema and Signal.

"If the attackers perform enough tests to formulate an extensive dataset against a target, they could infer their position among a set of given possible locations in a city, like 'home,' 'office,' 'gym,' etc., based on nothing else but the delivery notification delay," the report claimed. "These notifications are standard across many popular IM apps, and the researchers confirmed they are exploitable against even the most (generally) secure messenger services, like Signal and Threema, as well as WhatsApp," it added.

The privacy advocacy group is alarmed about the implications of this vulnerability, especially since these apps advertised themselves as secure and private messengers. WhatsApp, for instance, has more than two billion users, while Signal and Threema have around 40 million and 10 million users, respectively.

"The implications of this attack are alarming from a user privacy perspective. These platforms, particularly Signal and Threema, promote themselves as secure and private messengers that go above and beyond the security of other platforms," the group said.

WhatsApp, a messaging platform used by more than two billion people, is part of Facebook's "family" of apps which includes its core social network as well as the visual social network Instagram AFP / Lionel BONAVENTURE

Read morePotential M2 Pro, M2 Max MacBook Pro Launch Imminent Because Of ThisResearchers Hack Musk's Starlink; Reverse-Engineer It To Work Like GPSInterpol Forms Special Crime Unit For Fighting Cryptocurrency WhatsApp

Popular Posts

Categories

Connect With Us On GlobalVision Media!

Quick Links

Policies

Categories

Copyright © 2025.GlobalVision Media All rights reserved.