hngopher.com

       [HN Gopher] Researchers discover security vulnerability in WhatsApp
       ___________________________________________________________________
        
       Researchers discover security vulnerability in WhatsApp
        
       Author : KingNoLimit
       Score  : 42 points
       Date   : 2025-11-19 20:55 UTC (2 hours ago)
        
 (HTM) web link (www.univie.ac.at)
 (TXT) w3m dump (www.univie.ac.at)
        
       | TZubiri wrote:
       | Security vulnerability is a bit strong, but I don't blame news
       | salesmen for making clickbait, it's all in the game
        
         | Krasnol wrote:
         | If you can identify a person in a country where WA shouldn't be
         | available by sniffing out their profile, it may even end up
         | being a deadly security vulnerability, but I don't blame
         | someone on a tech bro forum for making a edgy comment, it's all
         | in the game.
        
           | perch56 wrote:
           | In a kinetic warfare or authoritarian context, this is rather
           | a life safety vulnerability. In the industry, we call this
           | the crossover from Information Security (InfoSec) to
           | Operational Security (OpSec), where a digital flaw becomes a
           | Kinetic Threat.
        
             | catmanjan wrote:
             | Kinetic Threat, thats a good one, I'm going to kinetically
             | threaten your face!
        
       | ale42 wrote:
       | A bit disappointing, I thought everybody knew it was possible to
       | "enumerate" Whatsapp accounts? I was hoping for something more
       | juicy like RCE...
        
         | ruinin wrote:
         | The most interesting vulnerability is the reuse of
         | cryptographic keys, some of it apparently by design, like when
         | transferring one's account to a new number - this can
         | apparently be used to correlate identities despite the change
         | of phone number.
         | 
         | Also, from examining the published data set I found it
         | interesting that there are only five WhatsApp users registered
         | in North Korea. I wonder who they are.
        
           | SweetSoftPillow wrote:
           | I'm almost 100% sure that one of them is the only North
           | Korean Steam user.
        
       | mlmonkey wrote:
       | "security vulnerability" ....
        
       | londons_explore wrote:
       | The only fix to this is to replace phone numbers by secret 256
       | bit keys that are never reused...
       | 
       | Never gonna happen.
        
         | Sophira wrote:
         | Phone numbers were never supposed to be secret.
         | 
         | Nor were social security numbers.
        
       ___________________________________________________________________
       (page generated 2025-11-19 23:00 UTC)