A serious vulnerability in WhatsApp, the app most used messaging system in the world, it could make it easy to find out the location and IP address of users.
The vulnerability was reported in the GitHub software repository by the user bhdresh, who explains that by filtering the IP addresses of the Facebook and WhatsApp servers from the destination hosts files, the IP address of the WhatsApp user can be obtained without it having knowledge.
As explained from ADSLZone, this flaw works even in the latest version of the app and it could allow criminals to know the public IP addresses and approximate location of users and, in this way, follow their movements by creating a history of locations.
The site clarifies that, for the attack to be carried out, it is necessary for the user to have their mobile phone connected to the same Wi-Fi network as the attacker’s computer. In this way, it is possible to activate the script that bhdresh has published in its report and when calling any WhatsApp contact of the user it is possible to know their IP address.
The user informed Facebook of the vulnerability in October 2020, but according to the company, it did not recognize the flaw and classified it as functioning within expectations. Facebook recommends that users limit calls to trusted users or use a VPN to limit vulnerability, but at no point does it signal its intention to patch this bug.