Privacy hack: WhatsApp’s new calling feature has been collecting user phone numbers and call period will not their knowledge
If you thought your voice calls created on the WhatsApp’s new voice calling feature were personal, you’re mistaken. Apparently, the Facebook closely-held company is collecting your phone numbers and your call period while not your information. This was discovered by researchers from University of latest Haven’s Cyber Forensics analysis & Education group.
The researchers did a forensic examination of well-liked cross platform messaging service, WhatsApp and located that information that may be collected from the app’s network from its new calling feature: like phone numbers and call period, and highlights areas for future analysis and study.
The group has elaborated its study in an exceedingly paper printed within the scholarly journal, Digital Investigation. The article was co-authored by F. Karpisek of Brno University of Technology within the Czech Republic, Ibrahim (Abe) Baggili and Frank Breitinger, co-directors of the Cyber Forensics analysis & Education group at the University of recent Haven.
“Our analysis demonstrates the sort of information that may be gathered through the forensic study of WhatsApp and provides a path for others to conduct extra studies into the network forensics of messaging apps,” aforesaid Baggili.
According to the researchers, decrypting the network traffic isn’t easy, as each access to information on the device also because the full network traffic is required.
“We decrypted the WhatsApp consumer connection to the WhatsApp servers and visualized messages changed through such a connection using a command-line tool we tend to create,” the authors wrote. “This tool could also be helpful for deeper analysis of the WhatsApp protocol.”
In the paper, the researchers have provided an overview of the WhatsApp messaging protocol from a networking perspective, creating it attainable to explore and study WhatsApp network communications. He aforesaid, he believes they’re the primary to debate “WhatsApp signaling messages used once establishing voice calls.”
Specifically, the researchers found that WhatsApp uses the FunXMPP protocol for message exchange, that may be a binary-efficient encoded protractile messaging and Presence Protocol (XMPP) (WHAnonymous, 2015c).
Through the analysis of signaling messages changed throughout a WhatsApp call using an Android device, the researchers were able to closely examine the authentication method of WhatsApp purchasers; discover what codec WhatsApp is using for voice media streams (Opus at eight or sixteen kHz sampling rate); perceive, however relay servers ar proclaimed and therefore the relay election mechanism; and perceive however clients announce their end point addresses for media streams.
“Gaining insight into these signaling messages is important for the understanding of the WhatsApp protocol, particularly within the area of WhatsApp,” the authors wrote.
The researchers were able to acquire attention-grabbing details from network traffic, as well as WhatsApp phone numbers, WhatsApp call establishment data, and date-time stamps, and WhatsApp call period information and date-time stamps. They conjointly were able to acquire WhatsApp’s callers voice codec (Opus) and WhatsApp’s relay server IP addresses used throughout the calls.