
Vulnerability Allowed Scraping of 3.5 Billion WhatsApp Accounts


A team of researchers from the University of Vienna in Austria has disclosed the details of a novel enumeration technique that allowed them to scrape 3.5 billion WhatsApp accounts. WhatsApp owner Meta has rolled out mitigations to prevent exploitation of the vulnerability.

WhatsApp, similar to nearly every major communications app, enables users to connect with others based on phone numbers. When users try to find their phone contacts on WhatsApp, the company’s servers are queried to determine whether the user associated with a specific phone number is registered.

The University of Vienna researchers found a technique for enumerating WhatsApp accounts without being blocked. They generated possible phone number combinations and checked which were registered on the messaging service. 

The researchers expected to encounter rate limiting, but they were able to scrape WhatsApp account data at rates of more than 100 million phone numbers per hour.
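A defensive sketch of the rate limiting the researchers expected to find, added here as an illustration (it is not code from the researchers, Meta, or the original article): a per-client sliding-window budget on distinct phone numbers looked up, replayed over a constructed log. The class name, budget values, client ids and phone numbers are all assumptions made for the example.

```python
from collections import defaultdict, deque

class LookupBudget:
    """Caps how many distinct numbers one client may look up per window."""
    def __init__(self, max_distinct, window_s):
        self.max_distinct = max_distinct
        self.window_s = window_s
        self._events = defaultdict(deque)  # client -> (ts, number), oldest first
        self._counts = defaultdict(dict)   # client -> {number: lookups in window}

    def allow(self, client, number, ts):
        events, counts = self._events[client], self._counts[client]
        # Expire lookups that have fallen out of the window.
        while events and events[0][0] <= ts - self.window_s:
            _, old = events.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        # Re-checking a number already in the window (address-book resync)
        # costs nothing; only a new distinct number consumes budget.
        if number not in counts and len(counts) >= self.max_distinct:
            return False  # denied lookups are not recorded
        events.append((ts, number))
        counts[number] = counts.get(number, 0) + 1
        return True

def replay(log, budget):
    """Return {client: denied lookup count} for a time-ordered log."""
    denied = defaultdict(int)
    for ts, client, number in log:
        if not budget.allow(client, number, ts):
            denied[client] += 1
    return dict(denied)

# Constructed sample log: (timestamp_s, client_id, number_queried).
# phone-A resyncs the same 5 contacts three times; scraper-B walks a
# consecutive block of 200 numbers in 20 seconds.
SAMPLE_LOG = sorted(
    [(r * 600 + j, "phone-A", f"+1555010{j:04d}")
     for r in range(3) for j in range(5)]
    + [(100 + i * 0.1, "scraper-B", f"+1555019{i:04d}") for i in range(200)]
)

def demo():
    return replay(SAMPLE_LOG, LookupBudget(max_distinct=50, window_s=3600))

if __name__ == "__main__":
    print(demo())
```

Counting distinct numbers rather than raw requests keeps ordinary contact sync unaffected while bounding how much of the number space any one client can probe per window.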

“Normally, a system ...


Copyright of this story solely belongs to SecurityWeek.