Security vulnerability is a bit strong, but I don't blame news salesmen for making clickbait, it's all in the game
Krasnol•22m ago
If you can identify a person in a country where WA shouldn't be available by sniffing out their profile, it may even end up being a deadly security vulnerability, but I don't blame someone on a tech bro forum for making a edgy comment, it's all in the game.
perch56•5m ago
In a kinetic warfare or authoritarian context, this is rather a life safety vulnerability. In the industry, we call this the crossover from Information Security (InfoSec) to Operational Security (OpSec), where a digital flaw becomes a Kinetic Threat.
ale42•50m ago
A bit disappointing, I thought everybody knew it was possible to "enumerate" Whatsapp accounts? I was hoping for something more juicy like RCE...
ruinin•46m ago
The most interesting vulnerability is the reuse of cryptographic keys, some of it apparently by design, like when transferring one's account to a new number - this can apparently be used to correlate identities despite the change of phone number.
Also, from examining the published data set I found it interesting that there are only five WhatsApp users registered in North Korea. I wonder who they are.
SweetSoftPillow•25m ago
I'm almost 100% sure that one of them is the only North Korean Steam user.
mlmonkey•37m ago
"security vulnerability" ....
londons_explore•16m ago
The only fix to this is to replace phone numbers by secret 256 bit keys that are never reused...
TZubiri•1h ago
Krasnol•22m ago
perch56•5m ago