There are many users who are daily searing for the methods to hack or spy on the Whatsapp users, and here is something nasty that every Whatsapp users should get alert. Researcher/ developer have publicly released a tool which can trace and spy on your Whatsapp accounts.
Maikel Zweerink, developer have created a web based tool that can trace the moves and spy on any Whatsapp users, called "WhatsSpy". Zweerink has released the WhatsSpy Public tool on GitLab as a proof-of-concept that WhatsApp privacy is broken, he highlighted the application doesn't rely on a specific hack or exploit.
The Requirements includes -
This is not the first time that researcher have broke into the privacy of the Whatsapp. Earlier also an Indian security researcher Indrajeet Bhuyan have demonstrated couple of the privacy issue on Whatsapp web.
Whatsapp web version was announced last months and within a month numbers of issue have been reported on Whatsapp. Last year, Whatsapp have implemented an End-to-End Encryption by default but it seems that encrypting the data transmission is nit sufficient for the users privacy. Hope Whatsapp soon fixed all the issue.
WhatsSpy have a friendly dashboard which shows the users information and events in a timeline interface. Additionally the tool also allows experts to compare timelines of two users in order to conduct cross analysis.
What is WhatsSpy ?
“WhatsSpy Public is an web-oriented application that tracks every move of whoever you like to follow. This application is setup as an Proof of Concept that Whatsapp is broken in terms of privacy. Once you’ve setup this application you can track users that you want to follow on Whatsapp. Once it’s running it keeps track of the following activities:”
How it Works?
As WhatsSpy is a web based tool hence it needs some of the following requirements. On the GitLab page where developer release the tool have the instruction for the installation of the WhatsSpy. Developer have explained the process to install the WhatsSpy on Server, VPS and Raspberry Pi.
- Secondary Whatsapp account (phone number that doesn't use Whatsapp)
- Rooted Android phone OR Jailbroken iPhone OR PHP knowledge
- Server/RPi that runs 24/7
- Nginx or Apache with PHP (you can't host on simple webhoster, you need bash)
- Postgresql
What Developer says About WhatsSpy ?
Maikel Zweerink, explained that he has discovered that some of the events sent out by the messaging app could be intercepted by anyone. Among the data that could be eavesdropped, there is the current status (independently of privacy settings), change of profile pictures, message status and any modification of privacy settings.
He mentioned -
“I made this project for you to realise how broken the privacy options actually are. It just started out as experimenting with Whatsapp to build an Bot, but I was stunned when I realised someone could abuse this ‘online’ feature of Whatsapp to track anyone,”
This is not the first time that researcher have broke into the privacy of the Whatsapp. Earlier also an Indian security researcher Indrajeet Bhuyan have demonstrated couple of the privacy issue on Whatsapp web.
Whatsapp web version was announced last months and within a month numbers of issue have been reported on Whatsapp. Last year, Whatsapp have implemented an End-to-End Encryption by default but it seems that encrypting the data transmission is nit sufficient for the users privacy. Hope Whatsapp soon fixed all the issue.