this post was submitted on 19 Dec 2025
57 points (89.0% liked)

Cybersecurity

8810 readers
149 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago
MODERATORS
kid@sh.itjust.works
Lanky_Pomegranate530@midwest.social
57
WhatsApp, Signal, untraceable security risk (www.techradar.com)
submitted 10 hours ago by Spot@startrek.website to c/cybersecurity@sh.itjust.works
17 comments fedilink hide all child comments
 

Three billion WhatsApp users are at risk - an expert has developed a tool that could spy on everyone, and you would never know about it

you are viewing a single comment's thread
view the rest of the comments
[–] pcouy@lemmy.pierre-couy.fr 1 points 3 hours ago

I believe Signal has already fixed it, while meta said they won't fix this in WhatsApp.

This side channel can be used to infer more than a rough timezone, specifically, an attacker could continuously monitor :

  • the number of devices linked to the target’s account, along with fingerprints that allow differentiation between operating systems and browsers
  • the locked or unlocked state of the target’s phone
  • whether the phone is connected via Wi-Fi or a mobile network
  • whether the WhatsApp application or browser tab is running in the foreground or background.

In addition, an attacker could deliberately drain the target’s phone battery and consume their mobile data allowance

I've tested this on myself and can confirm all of this can be done reliably