It has come to light that a potential security problem found in WhatsApp could mean that anyone could see a users’ profile photos. According to security researchers, this is even ‘if’ they have been set to be viewed by friends only. The security flaw, which was located by 17-year-old security researcher Indrajeet Bhuyan, appears to be the result of the phone application not being properly synced with the new web interface. Bhuyan is not new to locating holes in WhatsApp. He has previously found a way of forcing the app to crash on Android phones by sending a small message to users.
In WhatsApp, a user is able to configure the application so that it will only share their profile photo with people that they have saved as contacts.
Apparently, this bug can allow another person to circumvent that and see the profile photos of strangers. The web version of the app allows users to look at photos that have since been deleted. On the phone app, those photos become blurred out, but on the web app they appear to remain clear.
Security expert Graham Cluley wrote in a blog post on the bug, “Sure, it’s not the most serious privacy breach that has ever occurred, but that’s missing the point…The fact of the matter is that WhatsApp users chose to keep their profile photos private, and their expectation is that WhatsApp will honour their choices and only allow their photos to be viewable by those who the user has approved.”
The team at WhatsApp are committed to making sure security and privacy for its users remains paramount and they have shown this by recently introducing end-to-end encryption on the service.
The WhatsApp web client was introduced a couple of weeks back on January 21. This excited many as they were finally able to respond to messages from their PC, but by the same token it also disappointed lots of other users because of the limited compatibility and functionality the client has.
[Image via time]