430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

WhatsApp collects phone numbers, call duration, and a lot of metadata

A group of experts  has conducted a research that demonstrates the type of data that can be gathered through the forensic study of WhatsApp. A new research conducted by forensic researchers at the University of New Haven (F. Karpisek of Brno University of Technology in the Czech Republic, and Ibrahim Baggili and Frank Breitinger, co-directors of the Cyber […]

WhatApp zero-day

A group of experts  has conducted a research that demonstrates the type of data that can be gathered through the forensic study of WhatsApp.

A new research conducted by forensic researchers at the University of New Haven (F. Karpisek of Brno University of Technology in the Czech Republic, and Ibrahim Baggili and Frank Breitinger, co-directors of the Cyber Forensics Research & Education Group) is worrying the large community of WhatsApp users. The experts demonstrated that the popular messaging service WhatsApp collects data on phone calls, including in numbers, call duration and other information.

“Our research demonstrates the type of data that can be gathered through the forensic study of WhatsApp and provides a path for others to conduct additional studies into the network forensics of messaging apps,” said Baggili.

The experts discovered that WhatsApp implements the FunXMPP protocol, a binary-efficient encoded Extensible Messaging and Presence Protocol (XMPP) for the near-real-time exchange of structured data.

The group of researchers decrypted the connection between the WhatsApp client and servers, then they were able to view exchanged messages using a custom-made command-line tool they have created for the analysis.

According to the boffins, this is the first time a research group has probed how WhatsApp uses signalling messages to establish voice calls.

The team has focused its analysis on the signalling messages exchanged during a WhatsApp call established with an Android device, the experts have studied the authentication process implemented by the WhatsApp clients and uncovered the codec used by WhatsApp for voice media streams, the Opus at 8 or 16 kHz sampling rates.

whatsapp metadata

The analysis of the traffic allowed to discover which data the client sends to the servers while establishing a call. Data includes WhatsApp phone numbers, WhatsApp phone call establishment metadata, date-time stamps, and WhatsApp phone call duration metadata.

The researcher discovered much more, they examined how relay servers are announced and the relay election mechanism, and how WhatsApp clients announce their endpoint addresses to use for the media streaming, along with the relay server IP addresses used during the calls.

The experts published a paper entitled WhatsApp Network Forensics: Decrypting and Understanding WhatsApp Call Signaling Messages that includes details of their study.

Pierluigi Paganini

(Security Affairs – WhatsApp, mobile)