https://github.com/sbaresearch/whatsapp-census/blob/main/Hey_there_You_are_using_WhatsApp.pdf
A recently disclosed vulnerability in the popular messaging app WhatsApp has raised significant security concerns, as it allows attackers to potentially access the phone numbers of a large number of users.
The flaw, discovered by researchers, stems from a design issue in WhatsApp’s contact discovery mechanism, which matches the phone numbers in a user’s contact list against registered WhatsApp accounts. By exploiting this vulnerability, attackers can submit a series of phone numbers and determine which ones are registered with the service, effectively enabling large-scale enumeration attacks.
This type of attack can have severe privacy implications, as it could allow bad actors to compile extensive databases of WhatsApp users and their associated phone numbers, potentially leading to targeted phishing, spam, or other malicious activities. While WhatsApp’s parent company, Meta, has acknowledged the issue and is working on a fix, the researchers warn that the vulnerability highlights the need for more robust security measures to protect user privacy in messaging applications.
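As an added illustration (not code from WhatsApp, Meta, or the researchers), the sketch below shows one server-side control a contact discovery service could apply against the enumeration pattern described above: a per-account budget on never-before-seen numbers plus a check for long runs of consecutive numbers. The class name, thresholds, and sample numbers are assumptions constructed for this example; the page does not say what fix is planned.

```python
from collections import defaultdict

# All thresholds are assumed values for illustration, not vendor settings.
WINDOW_S = 24 * 3600      # sliding window length in seconds
MAX_NEW_NUMBERS = 1000    # distinct numbers one account may look up per window
MAX_RUN = 20              # longest tolerated run of consecutive numbers in a batch


class DiscoveryLimiter:
    """Hypothetical guard placed in front of a contact discovery lookup."""

    def __init__(self):
        # account -> {number: time it was first counted in the current window}
        self._seen = defaultdict(dict)

    @staticmethod
    def _longest_run(numbers):
        # Address books are scattered; enumeration tends to walk number ranges.
        vals = sorted({int(n.lstrip("+")) for n in numbers})
        best = run = 1 if vals else 0
        for a, b in zip(vals, vals[1:]):
            run = run + 1 if b == a + 1 else 1
            best = max(best, run)
        return best

    def check(self, account, numbers, now):
        seen = self._seen[account]
        for n in [n for n, ts in seen.items() if now - ts > WINDOW_S]:
            del seen[n]                      # expire entries older than the window
        if self._longest_run(numbers) > MAX_RUN:
            return "deny:sequential"
        # Re-syncing the same address book costs nothing; only new numbers count.
        new = {n for n in numbers if n not in seen}
        if len(seen) + len(new) > MAX_NEW_NUMBERS:
            return "deny:budget"
        for n in new:
            seen[n] = now
        return "allow"


def num(i):
    return f"+1555{i:07d}"                   # constructed, fictitious numbers


def demo():
    lim = DiscoveryLimiter()
    book = [num(i * 7) for i in range(300)]  # constructed address book
    out = [lim.check("acct-a", book, t) for t in (0, 3600, 7200)]
    for b in range(3):                       # constructed bulk lookups, new numbers each time
        batch = [num(10_000 + b * 10_000 + i * 3) for i in range(400)]
        out.append(lim.check("acct-b", batch, 60 * b))
    out.append(lim.check("acct-c", [num(i) for i in range(50)], 0))
    return out
```

A repeated sync of the same 300 contacts is always allowed, while the third batch of fresh numbers and the consecutive range are both refused.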