WhatsApp, which started as your go-to instant messaging solution and was later turned into a message-forwarding machine by your uncle, has come under scrutiny from a software engineer named Robert Heaton. Heaton has uncovered a flaw in the way WhatsApp works that can be used to monitor another user's activity. Before you get too worked up about this flaw and start panicking about your shady activity on WhatsApp, we would like to inform you that your chats remain safe, as WhatsApp still employs end-to-end encryption. The only detail about your WhatsApp activity that this flaw can reveal is how much time you remain online on WhatsApp, which makes it possible to track your sleep patterns and, by tracking more than one of your friends, to figure out your frequency of communication with them.


We do not think that this flaw has yet been exploited by hackers, because Robert Heaton presents an imaginary scenario in which someone might create a rogue Chrome extension that monitors your online activity via WhatsApp Web. In a detailed yet story-like blog post, he describes creating a simple Chrome extension using just four lines of JavaScript. The flaw he points out in the working of WhatsApp is that while you can hide your “Last Seen” status, you can never hide the fact that you are online. Someone could use this information to keep a log of your online status and work out your sleep patterns by noting the times you are offline. In the picture below, Robert shows that the results from the Chrome extension can be mapped out on a graph to find someone’s sleep patterns.

[Image: WhatsApp Exploit 1.jpg]

While this exploit of monitoring online status has already been pointed out on Facebook Messenger and Tinder, this is the first time someone has taken the same idea and applied it to WhatsApp. The next part of this exploit starts by monitoring the online status of more than two people. Once you correlate the online patterns of two persons, you can make a guess regarding the frequency of communication between them. For example, if person A remains online in the same period as person B more than a few times in a week, you can speculate that they are talking to each other during the overlap of them being online. Here you can see how one can graph the online activity of two persons and correlate them.

[Image: WhatsApp Exploit 2.jpg]

Finally, Robert Heaton ends the tale by saying that a web analytics company can build tools that monitor people's WhatsApp activity, send the results to credit card companies or health insurance companies, and make a profit off that. Here is why this exploit is not that scary. First, no one has actually built a tool to put this exploit into use, and second, since this has been put on the internet, WhatsApp may try to mask your online status from extensions on Chrome.

Source: Crazyengineers