It turns out the Facebook-owned messenger suffers from a vulnerability that can be exploited to spy on your sleeping patterns – and find out precisely at what time you go to sleep and wake up. Your WhatsApp online status can help hackers figure out who you are talking to and when you go to sleep owing to a flaw in the micro-blogging platform, a software engineer has claimed.
The flaw was discovered by Rob Heaton ,who has made similar security-related findings in the past — exploited the flaw by creating a Chrome extension with a minimal four lines of code, Digital Trends reported late on Tuesday.
“If SS goes offline between 1100PM and 0730AM each day, you can infer that he is following the plan and just seems dull and sluggish because he is a dull and sluggish person. However, if he instead only goes dark between 0300AM and 0800AM, you know that he is skimping on sleep to either party or play computer games in his underwear. As a side-benefit, you hope that you may be able to infer things like the number of times he wakes up during the night and the waxing and waning of his social life.” Rob added.
What is disturbing is that almost anybody with a little practical understanding and a spare machine can abuse this flaw. The issue starts from the WhatsApp’s last seen and online status features which make it possible to check up uninterrupted on your contacts for the last time they were online.
The code could even be tweaked to correlate more than two people messaging each other.
According to reports, users actually can do nothing to prevent hackers from being able to spy on them, unless WhatsApp security researchers find a way out.
“Using WhatsApp, you can set the app to show your ‘last seen’ statuses to either everyone, only contacts, or no one, but no such feature exists for your online status,” the report said.
Apart from WhatsApp, the Facebook Messenger also has the similar online status issue.