WhatsSpy Public tool can spy on Whatsapp users

WhatsSpy Public is a web-based tool that could allow an attacker to access information about a WhatsApp user's activity.

WhatsSpy Public is a web-based tool created by Maikel Zweerink that can trace the moves of a WhatsApp user. WhatsSpy is able to display user information in a friendly dashboard that includes events being displayed in a timeline.

The tool also allows experts to compare the timelines of two users in order to conduct cross analysis. Zweerink has released the WhatsSpy Public tool on GitLab as a proof-of-concept that WhatsApp privacy is broken. He highlighted that the application doesn’t rely on a specific hack or exploit.

Maikel Zweerink explained that he discovered that some of the events sent out by the messaging app could be intercepted by anyone. The data that could be eavesdropped includes the current status (independently of privacy settings), changes of profile picture, message status and any modification of privacy settings.

By analyzing the WhatsSpy Public dashboard it is possible to discover the exact moment when users start to use WhatsApp and when they disconnect from the service.

“WhatsSpy Public is a web-oriented application that tracks every move of whoever you like to follow. This application is set up as a Proof of Concept that Whatsapp is broken in terms of privacy. Once you’ve set up this application you can track users that you want to follow on Whatsapp. Once it’s running it keeps track of the following activities:” explained Zweerink on the project page.

“I made this project for you to realise how broken the privacy options actually are. It just started out as experimenting with Whatsapp to build a Bot, but I was stunned when I realised someone could abuse this ‘online’ feature of Whatsapp to track anyone.”

The project page gives instructions for installing the WhatsSpy Public tool on a Raspberry Pi, a server or a VPS. The requirements include:

  • Secondary Whatsapp account (phonenumber that doesn’t use Whatsapp)
  • Rooted Android phone OR Jailbroken iPhone OR PHP knowledge
  • Server/RPi that runs 24/7
  • Nginx or Apache with PHP (you can’t host on simple webhoster, you need bash)
  • Postgresql

There is no peace for WhatsApp users: the researcher Indrajeet Bhuyan recently discovered two privacy issues in the WhatsApp web application, and in the last months the same expert discovered a way to crash the mobile application by sending specially crafted messages.

(Security Affairs –  Whatsapp, WhatsSpy Public)