Pulse of Truth

1724 readers

191 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth@infosec.pub

A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers (www.wired.com)

submitted 3 days ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub

5 comments fedilink hide all child comments

By plugging tens of billions of phone numbers into WhatsApp’s contact discovery tool, researchers found “the most extensive exposure of phone numbers” ever—along with profile photos and more.

you are viewing a single comment's thread
view the rest of the comments

[–] Ludicrous0251@piefed.zip 5 points 3 days ago

When WIRED asked Meta what rate-limiting measures it instituted over the last eight years to prevent the technique Kloeze demonstrated, the company responded that it has, in fact, implemented evolving defenses against scrapers, including rate-limiting and machine-learning techniques to ban scrapers. Yet the University of Vienna researchers were able to not only replicate Kloeze's work, but take it further, actually enumerating all 3.5 billion registered WhatsApp phone numbers—far more than the service had in 2017.

A generous rate limit of 1 query per second would have taken 111 years to churn through 3.5 billion users (with 100% success rate on guesses). Meta's rate limit seems to be "the rate at which our servers can query our contact database".