Univ. of New Haven Cyber Lab: WhatsApp Collects Phone Numbers, Call Duration, and More

← Back to Stories (view on slashdot.org)

Univ. of New Haven Cyber Lab: WhatsApp Collects Phone Numbers, Call Duration, and More

Posted by timothy on Tuesday October 27, 2015 @05:51AM from the mere-metadata dept.

An anonymous reader writes: A recent network forensic examination of popular messaging service WhatsApp at the University of New Haven's Cyber Forensics Research & Education Group is offering new details on the data that can be collected from the app's network from its new calling feature: such as phone numbers and phone call duration, and highlights areas for future research and study. The researchers provided an outline of the WhatsApp messaging protocol from a networking perspective, making it possible to explore and study WhatsApp network communications. (Also noted at The Register.)

67 comments

Min score:

Reason:

Sort:

App that apps apps turns out to app apps! by Anonymous Coward · 2015-10-27 05:52 · Score: 1

What a surprise!

Apps!
1. Re: App that apps apps turns out to app apps! by Anonymous Coward · 2015-10-27 05:55 · Score: 0
  
  Seriously. Everyone already knows this. Did you know that there is a vulnerability in the north American telephone system whereby you can get access to a person's phone number by looking up their "white pages" entey?
2. Re: App that apps apps turns out to app apps! by Anonymous Coward · 2015-10-27 06:14 · Score: 0
  
  My local white pages does in fact list my phone number next to my name. It has never included a list of all the numbers that I have called and the lengths of those call times.
  BTW, did you know that every men's room has your mother's phone number written on the wall? Really? Everyone else knew.
3. Re: App that apps apps turns out to app apps! by Anonymous Coward · 2015-10-27 06:33 · Score: 0
  
  Seriously. Everyone already knows this. Did you know that there is a vulnerability in the north American telephone system whereby you can get access to a person's phone number by looking up their "white pages" entey?
  Person's cellphone number too?
4. Re:App that apps apps turns out to app apps! by JustAnotherOldGuy · 2015-10-27 07:17 · Score: 1
  
  FFS, this should surprise NO ONE.
  The default behavior for almost everything these days is to suck up as much information as possible no matter what the Terms Of Service say.
  I'd be surprised if it didn't also log the GPS coordinates, movement, and anything else it can grab.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
5. Re: App that apps apps turns out to app apps! by Holi · 2015-10-27 07:32 · Score: 1
  
  BTW, did you know that every men's room has your mother's phone number written on the wall? Really? Everyone else knew.
  Duh, Why else do you think I put it there?
  
  --
  Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
6. Re: App that apps apps turns out to app apps! by Anonymous Coward · 2015-10-27 08:49 · Score: 0
  
  Sorry son, Dad's never gonna call.
On Android by Anonymous Coward · 2015-10-27 05:52 · Score: 0

This isn't possible on iOS. Probably the only good thing iOS has going for it.
1. Re:On Android by interval1066 · 2015-10-27 06:19 · Score: 1
  
  I love that phrase: "(X) isn't possible on my particular brand of poison."
  
  --
  Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
2. Re: On Android by Anonymous Coward · 2015-10-27 06:36 · Score: 0
  
  So the lack of ability to do research is a plus on iOS? Yep, you're an iFan.
  Perhaps you didn't understand the article. This isn't about Android security, this is just about peeking at What's Up network. I'm assuming if an iOS user and Android user were having a What's Up call, the Android can find out all the same information that applies to the iOS.
3. Re:On Android by gweihir · 2015-10-27 07:09 · Score: 1
  
  The hallmark of a truly small mind.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Nobody gives a shit. by Anonymous Coward · 2015-10-27 06:06 · Score: 2, Insightful

Seriously, everybody knows that WhatsApp was shite, is shite and will forever be shite. It does not matter. Everybody uses it, so everybody keeps using it. You would have to pay people to make them switch. It's not going to happen.
1. Re:Nobody gives a shit. by Anonymous Coward · 2015-10-27 06:35 · Score: 0
  
  Seriously, everybody knows that WhatsApp was shite, is shite and will forever be shite. It does not matter. Everybody uses it, so everybody keeps using it. You would have to pay people to make them switch. It's not going to happen.
  Maybe it's just that I'm a nerd reading slashdot, but I don't know a single person that uses this. (however, I live in an area where cellular phones are somewhat frowned upon, kind of a "if you want to use a phone, go home" mindset)
2. Re:Nobody gives a shit. by Anonymous Coward · 2015-10-27 07:13 · Score: 0
  
  Shit in what way ? The article gives no details. You give no details.
  It works, it messages people. What were the other goals exactly ?
3. Re:Nobody gives a shit. by Anonymous Coward · 2015-10-27 07:32 · Score: 0
  
  What's so shit about it? It works well and it's convenient. That's what people look for in an app.
4. Re:Nobody gives a shit. by hjf · 2015-10-27 07:35 · Score: 3, Insightful
  
  It's unbelievably slow, heavy, feature lacking. Useless web ui "whatsapp web" that takes ages to load and still requires you to have whatsapp open on your phone in order for it to work.
  You can't refuse to join groups: you're forcefully added and multimedia shit downloaded to your phone without your permission.
  Whatsapp also works very hard against "modders" and COMPLETELY REFUSES to let you run multiple phone numbers on a single phone: one person-one phone. Company number AND personal number? Fuck you. Dual sim phone? Fuck you very much. It's like facebook: ONE PERSON, ONE PROFILE. Multiple profiles? HACKER!!!!!! DELINQUENT!!!!
  Telegram is far lighter, runs on a lot of platforms and overall feels a lot more well built than this shit. Lose your phone? no problem, telegram is still open on your tablet, computer, or whatever device you want it to run on.
5. Re:Nobody gives a shit. by Anonymous Coward · 2015-10-27 07:40 · Score: 0
  
  When WhatsApp wasn't part of Facebook, it was well known that the protocol allowed all sorts of exploits, like reading somebody else's messages and online status, without their permission of course. Sending messages as someone else was possible too. The protocol was a clear result of "build a prototype, release, fix what we can't hide any longer". It did what people wanted it to do. Security and data privacy was not on the requirements list. No contest. In fact, that kinda was my point. People use shit software every day. I know middle management people who keep using infected computers for months, because who has the time to fix the problem. That people have abysmally low standards does not change the fact that WhatsApp is shite.
6. Re:Nobody gives a shit. by Anonymous Coward · 2015-10-27 10:33 · Score: 0
  
  Where do you live? Wanna move there!
7. Re:Nobody gives a shit. by Anonymous Coward · 2015-10-29 04:48 · Score: 0
  
  "Other app is better" is not the same as "app is shit". Whatsapp doesn't lack a single feature that the majority of people wants, or the majority of people would use something else.
8. Re:Nobody gives a shit. by Anonymous Coward · 2015-10-29 06:59 · Score: 0
  
  Unfortunately, the most impressive feature in WhatsApp, that no other has (yet) is the number of users.
  Yes, Telegram is way better, and although I have a handful of friends using it, it's still very very far from being in about 80% of my contact list.
9. Re:Nobody gives a shit. by hjf · 2015-10-29 08:07 · Score: 0
  
  No you dumb fuck.
  I didn't say "Open app is better". I said THIS APP IS SHIT AND THIS IS HOW IT COULD BE IMPROVED.
  Cunt.
Cyber Lab by Anonymous Coward · 2015-10-27 06:09 · Score: 0

Is that like a computer lab?
I bet hipsters are involved in this, somehow.
This is stupid, right ? by Anonymous Coward · 2015-10-27 06:13 · Score: 0

Obvious is obvious is obvious and a waste of time, no ?
Expectations by Anonymous Coward · 2015-10-27 06:18 · Score: 0

When you have access to this much data, it's hard to resist tapping into it one way or another. It's human nature; another type of hoarding even if it's benign. That's why the more privacy-centric solutions out there actively burn the bridges for themselves using encryption, p2p, etc.
Intelligence Collection by transfire · 2015-10-27 06:30 · Score: 3, Interesting

Probably because Facebook is part of the Israeli intelligence apparatus. This is the same data collected by Amdocs, the Israeli company that handles virtually all records for land lines (http://www.tomflocco.com/fs/HouseHidesIsraeliTelSpying.htm)
1. Re:Intelligence Collection by Anonymous Coward · 2015-10-27 11:25 · Score: 0
  
  The word "facebook" doesn't appear even once in the linked article, which also appears to come from a dubious source.
2. Re:Intelligence Collection by Anonymous Coward · 2015-10-27 23:06 · Score: 0
  
  s/dubious/crazy antisemitic/
  They blame 9/11 on the Jews... come on...
it's a messaging app! by wnfJv8eC · 2015-10-27 06:31 · Score: 1

Didn't my phone come with one preloaded? Why on earth would I need to get a new app to do what my phone already supports?
1. Re:it's a messaging app! by Anonymous Coward · 2015-10-27 06:39 · Score: 0
  
  Didn't my phone come with one preloaded? Why on earth would I need to get a new app to do what my phone already supports?
  Why, to be able to text people on smartphones who don't want to use texting of course!
  But honestly, it's not something that "grown ups" would understand the purpose of, giving people your phone number is "creepy", but giving them Xx_messengernameoftheweek_xX is no big deal.
2. Re:it's a messaging app! by Anonymous Coward · 2015-10-27 06:40 · Score: 0
  
  Why on earth would I need to get a new app to do what my phone already supports?
  Because it's trendy.
  Come on, you want to be hip and popular, don't you? Don't act like such a Blackberry user.
3. Re:it's a messaging app! by Flavianoep · 2015-10-27 07:02 · Score: 3, Informative
  
  Because in Brazil, a each SMS message (about 150B) costs about US$ 0,13, but for about US$ 0,20 money you can use 50MB of data for a day. People uses Whatsapp here because it's cheaper.
  
  --
  Linux is for people who don't mind RTFM.
4. Re:it's a messaging app! by Anonymous Coward · 2015-10-27 07:10 · Score: 1
  
  In The Netherlands, literally 90% of smartphone users has Whatsapp.
  So there it is a defacto standard messaging app, just like SMS is but "free".
5. Re:it's a messaging app! by Flavianoep · 2015-10-27 07:11 · Score: 2
  
  You need someone's phone number to send them Whatsapp messages.
  
  --
  Linux is for people who don't mind RTFM.
6. Re:it's a messaging app! by Dog-Cow · 2015-10-27 08:37 · Score: 1
  
  Does your phone give you free international SMS and MMS, including video?
7. Re:it's a messaging app! by Anonymous Coward · 2015-10-27 08:53 · Score: 1
  
  Really? Then why does this exist?
8. Re: it's a messaging app! by Anonymous Coward · 2015-10-27 10:21 · Score: 1, Informative
  
  In the USA, I can't get why people would use Whatsapp, having SMS virtually for free.
  In most of the rest of the world, only technically inepts or ignorants would use SMS, because for most people a mobile call cost the same or less than a single fucking SMS.
  And Whatsapp is so simple and featureless that you can explain it in five minutes to your grandma, and from then on the only trouble she would have will be finding the right key on her Android keyboard. Install an use, no user IDs, no password, no nothing, and all your family and friends appear thee automagically.
  In Spain you can pay 1 euro a month for 100Mb of mobile Internet, and SMS usually cost 18 cents a message. As you can imagine, nearly nobody uses SMS anymore. It is cheaper by far buying a cheap smarphone and Whatsapp than buying a dumbphone and send SMS. A lot of people uses their smartphones basically as Whatsapp terminals: no calls, no SMS.
  People here calls people with no Whatsapp who sends SMS "amigos caros" ("expensive friends"), because message exchanges with them usually skyrocket your mobile charges.
9. Re:it's a messaging app! by Anonymous Coward · 2015-10-27 13:41 · Score: 0
  
  Really? Then why does this exist?
  Ubiquitous free "texts" with people outside the USA without figuring out an email address*. Free international "calls" without phone surcharges. I think it does video and images too. Group chats without IM knowhow means you can call gran'ma.
  Network effects cannot be ignored especially with FB's ownership. Whatsapp is like AOL's instant messenger was for the ICQ uninitiated.
10. Re:it's a messaging app! by tehcyder · 2015-10-28 01:33 · Score: 1
  
  Didn't my phone come with one preloaded? Why on earth would I need to get a new app to do what my phone already supports?
  It lets you make free internet phone calls. You can also send free text messages. If you have a basic plan, you don't get many free minutes/texts, so it's a useful free (as in beer) service if you have many people you want to call or text a lot.
  The fact that they collect your data is hardly a surprise, and is no more or less sinister than facebook or google doing the same. If you want total privacy, don't use unencrypted messaging on the internet.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
11. Re: it's a messaging app! by tehcyder · 2015-10-28 01:45 · Score: 1
  
  By contrast, in the UK most people have either practically, or else actually unlimited texts (SMS) with their mobile phone contracts. (Unless you only have the bare minimum monthly payment option). The same is true of phone calls.
  Whatsapp is still popular because you can send free videos/photos, and make free overseas calls, since monthly plans don't include limitless multimedia messages or calls abroad.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
My Whatsapp status is permananently set to... by Assoluto · 2015-10-27 06:38 · Score: 5, Interesting

...Being tracked by Zuk
I'm generally pretty privacy concious (use a VPN for all browsing, self destructing cookies, fake accounts everywhere, no account for Facebook, Twitter, etc). However, with your phone it's impossible to avoid being tracked by Google and Facebook. I have no mobile data plan and keep my Wifi off most of the time, but I still suspect they get a lot of data on me.
Windows has gone in the same direction and it's impossible to use that without being tracked by Microsoft. Linux is the only remaining option for anyone with concerns about privacy. Sadly, most people don't have any concerns about privacy and don't realise how they can be harmed and exploited through their data.
I think the privacy war is over, and we lost.
1. Re:My Whatsapp status is permananently set to... by Actually,+I+do+RTFA · 2015-10-27 08:03 · Score: 1
  
  owever, with your phone it's impossible to avoid being tracked by Google and Facebook
  What? If you don't have a Facebook account, you don't have their apps. If you don't have their apps, they aren't tracking you.
  If you install a different OS, Google will not track you.
  
  --
  Your ad here. Ask me how!
2. Re:My Whatsapp status is permananently set to... by Anonymous Coward · 2015-10-27 08:17 · Score: 1
  
  Except that isn't true.
  http://www.theguardian.com/technology/2015/mar/31/facebook-tracks-all-visitors-breaching-eu-law-report
  https://www.google.com/analytics/
3. Re:My Whatsapp status is permananently set to... by farble1670 · 2015-10-27 08:17 · Score: 1
  
  Sadly, most people don't have any concerns about privacy and don't realise how they can be harmed and exploited through their data.
  i dunno, i've been using the internet since it's inception and i've never been harmed. what exactly are you talking about?
4. Re:My Whatsapp status is permananently set to... by Anonymous Coward · 2015-10-27 08:51 · Score: 0
  
  You forgot browser fingerprinting (EFF.org's Panopticlick will show you that.) There has yet to be a Web browser that does not have a unique fingerprint.
5. Re:My Whatsapp status is permananently set to... by Anonymous Coward · 2015-10-27 09:48 · Score: 0
  
  Use ublock and add social crap to it, problem solved.
6. Re:My Whatsapp status is permananently set to... by Actually,+I+do+RTFA · 2015-10-27 10:12 · Score: 1
  
  Oh, you mean you surf the web from your phone and you don't block facebook/google. The same shit happens on your desktop. Block facebook's and google's domains then (or at least all of facebook and Google's analytics).... just like you should on your desktop.
  
  --
  Your ad here. Ask me how!
7. Re:My Whatsapp status is permananently set to... by Anonymous Coward · 2015-10-27 13:52 · Score: 0
  
  Block facebook's and google's domains then (or at least all of facebook and Google's analytics).... just like you should on your desktop.
  Sure, because it is OH SO normal for us to have pre-rooted smartphones from our carriers and Firefox mobile for Noscript, especially Apple. And all our routers have DDWRT so we can bend all stray requests for the offending servers to 0.0.0.0, especially if the wife, kid, dog or ocasional visitor wishes to use your secure command center for a quick check of their status during your get-togethers
8. Re:My Whatsapp status is permananently set to... by GNious · 2015-10-27 20:59 · Score: 1
  
  Did you look into using a phone based on something else than Android, Windows, or iOS?
9. Re:My Whatsapp status is permananently set to... by tehcyder · 2015-10-28 01:47 · Score: 1
  
  If you install a different OS, Google will not track you.
  As we're talking about phones, the only alternative OS is Apple. And they track you worse than anyone.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
10. Re:My Whatsapp status is permananently set to... by tehcyder · 2015-10-28 01:49 · Score: 1
  
  Sadly, most people don't have any concerns about privacy and don't realise how they can be harmed and exploited through their data.
  i dunno, i've been using the internet since it's inception and i've never been harmed. what exactly are you talking about?
  You're probably not a drug dealer, paedophile or gun-smuggling terrorist, unlike most people on slashdot.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
11. Re:My Whatsapp status is permananently set to... by Actually,+I+do+RTFA · 2015-10-28 05:14 · Score: 1
  
  Or one of the non-Google Android branches. But iOS is far less tracky than Google, as far as I can tell
  
  --
  Your ad here. Ask me how!
Does it still need repeating? by Solandri · 2015-10-27 06:41 · Score: 1

If you aren't paying for a service, you aren't the customer. You're the product being sold.
1. Re:Does it still need repeating? by Flavianoep · 2015-10-27 07:08 · Score: 1
  
  It's worse, when you first use Whatsapp it's offered free for a year, after which you have to pay a modicum yearly to keep using the service, yet I've never heard of anyone paying to use it, and you are still the product being sold.
  
  --
  Linux is for people who don't mind RTFM.
2. Re:Does it still need repeating? by Anonymous Coward · 2015-10-27 07:13 · Score: 0
  
  And if you're paying for a service, you are just being ripped off. You're still the product being sold.
3. Re:Does it still need repeating? by Anonymous Coward · 2015-10-27 07:36 · Score: 0
  
  Been using it for years, along with my friends. None of others were ever asked to pay. I know that it says that you're supposed to pay something like 99 cents a year after the first year, but I don't think anyone has ever done so.
4. Re:Does it still need repeating? by farble1670 · 2015-10-27 08:16 · Score: 1
  
  If you aren't paying for a service, you aren't the customer. You're the product being sold.
  queue the guy that thinks he's dropping some profound knowledge on the unenlightened masses. everyone knows that. we know it, and we're okay with it.
5. Re:Does it still need repeating? by tehcyder · 2015-10-28 01:55 · Score: 1
  
  If you aren't paying for a service, you aren't the customer. You're the product being sold.
  So? No one's forcing you to use these free services.
  Why is there this feeling that you are entitled to everything for free?
  Until we turn into something like Iain M Banks's post-scarcity Culture there really are no free lunches.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
6. Re:Does it still need repeating? by Anonymous Coward · 2015-10-29 17:32 · Score: 0
  
  If you aren't paying for a service, you aren't the customer. You're the product being sold.
  I never trusted that shady Linux "free"ware.
LOL by campuscodi · 2015-10-27 06:47 · Score: 2

Can someone replace the Net-Security link with the original source: http://www.newhaven.edu/news-e... Those infosec professionals just copy-pasted the original text on their website and are passing it as their own.
1. Re:LOL by Anonymous Coward · 2015-10-27 07:36 · Score: 0
  
  No they aren't, it was a press release specifically designed to be used by news sources.
2. Re:LOL by Anonymous Coward · 2015-11-02 13:33 · Score: 0
  
  Did you ever see a "news organization" just copy-paste these news releases? No. Because people leave sources intact, they don't copy them.
No. by Anonymous Coward · 2015-10-27 08:27 · Score: 0

FACEBOOK collects that stuff.
They do it via Whatsapp.
Let them have it by nospam007 · 2015-10-27 11:41 · Score: 1

I use whatapp on my 50$ fire and I had to use a used simcard to activate it, since apparently whatsapp "doesn't work on tablets" but I didn't know that. :-)
I had bought a a few dozen used prepaid simcards on ebay just for these purposes, to receive a single SMS before throwing it away.
Lots of sites have begun to use such systems and this is the way to circumvent that.
It's cheaper than burner phones.
1. Re:Let them have it by tehcyder · 2015-10-28 01:57 · Score: 1
  
  I use whatapp on my 50$ fire and I had to use a used simcard to activate it, since apparently whatsapp "doesn't work on tablets" but I didn't know that. :-)
  I had bought a a few dozen used prepaid simcards on ebay just for these purposes, to receive a single SMS before throwing it away. Lots of sites have begun to use such systems and this is the way to circumvent that. It's cheaper than burner phones.
  Unless you're James Bond, who could be bothered?
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
Weak encryption by manu0601 · 2015-10-27 14:53 · Score: 1

If researchers were able to crack encryption, it means crooks can do it too.
Not only this app spy on its user on behalf of its creator, but it can also be used by third parties.
Can we still trust Open Whisper Systems? by Anonymous Coward · 2015-10-27 23:11 · Score: 0

They must have been aware of this when they struck a deal with Whatsapp and gave it legitimacy.