The location of WhatsApp users is at risk


Security researchers have recently realized that depending on the success rate of their attack, iPhone hackers can extract information about the location of users of Signal, WhatsApp and Trima messengers with 80% accuracy. The results of this important finding were published by the Restore Privacy Institute. According to this publication, the trick of such a malicious act lies in measuring the time spent by the attacker to receive the notification of the delivery status of the message sent to the target.

Because the mobile internet networks and the server infrastructure of instant messaging applications have certain physical characteristics that cause the formation of standard signal paths; Therefore, these notifications have some predictable delay depending on the user’s location. The attacker measures these delays in the preliminary stages of the work, such as sending a message when the target’s location is known; In the future, it can find out the location of the person receiving the message by sending a new message and measuring the time spent to receive the delivery status notification.


This timed attack can determine the location of the recipient of the message based on the name of the country, city, region and his connection to the Internet through Wi-Fi or mobile phone network. According to researchers, this security hole can be used for so-called safe messaging services such as Signal, Trima and WhatsApp. In relation to WhatsApp, the situation is somewhat more worrying; Because this company has recently launched a global advertising campaign comparing the level of security of WhatsApp messaging and the battle of green and blue bubbles between Apple and Android handset manufacturers.

Among these 3 programs, the accuracy of detecting users’ location by hackers for active purposes in Signal, Trima and WhatsApp messengers is 82, 80 and 74%, respectively. Now the question arises in the mind, how to protect ourselves from these attacks?

The Restore Privacy Institute notes in response that regardless of using a VPN or disabling the notification feature that informs the sender of the status of their sent message; The mentioned messenger applications can implement preventive measures. For example, these programs can change the times of sending delivery messages to the sender randomly. This publication announces in a note:

“During their investigations, the researchers noticed that some devices were in a stationary state when they received the messages. This phenomenon can disrupt the results of the attack and practically turn into an unreliable countermeasure. In order to prevent this timed attack, an opportunity between 1 and 20 seconds will be enough. Thus, the useful use of notifications related to the status of sending messages will not be affected.”

This publication shared the results of its findings with the 3 mentioned messengers. 2 of these 3 messengers have announced that they are investigating the matter. Therefore, in the future, we will probably see the publication of more details in this regard.

Source link


Adib Zahedi is the CEO and Founder of He has nearly a decade of experience in IT, including two years spent working on a Youtube Chennal. He is also an author and writes articles for Has articles include tutorials and covers everything from Windows PCs to smartphone's software.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button