Such as He discovered Security researcher Athul Jayaram, WhatsApp users' phone numbers can be found in Google search.
"Click to Chat" allows websites to quickly start WhatsApp conversations with their visitors. In short, the function uses the assignment of a QR code to a telephone number.
So the site visitor simply scans the QR code or clicks on the URL and can start a WhatsApp chat.
In short, it is a very useful option for Spammers, as security vulnerabilities will allow them to create easily, well-structured databases with original phone numbers to use in their malicious campaigns.
Athul said it had found about 300.000 valid phone numbers from Google's search engine.
Although phone numbers are not linked to their owners' names, attackers can find out who they belong to, since if they click on the URL of a phone number in Google search results, a user's profile appears along with a photo.
WhatsApp denies the error
When Athul Jayaram told WhatsApp about his finding, the company categorically denied its discovery and did not consider it a security error. According to a WhatsApp spokesman, they are users chose to make their phone numbers public.
Athul Jayaram, however, clarified his views on the matter defect and advised the company to immediately encrypt mobile phone numbers of all users of the application and add a robots.txt file to prevent bots from detecting their domains.
The error has been corrected
WhatsApp repaired the vulnerability shortly after the update and announced it to Internet. A WhatsAPP spokesman said: "While we value this report from the researcher and value the time it takes to share it with us, it does not qualify for a monetary reward as it simply contained an index of URLs chosen by the users themselves. of WhatsApp to publish. All WhatsApp users, including businesses, can block unwanted messages at the touch of a button. ”