GUWAHATI, Jan 30 � A 17-year-old independent security researcher of the capital city who caught the attention of the cyber world for reporting the vulnerability in the widely popular mobile messaging app which allowed anyone to remotely crash WhatsApp by sending a specially crafted message of just 2kb in size, resulting in the loss of conversations, has now found loopholes in the Whatsapp Web which was launched recently.
According to this young man Indrajeet Bhuyan, using this vulnerability one can see users profile photo even if they hide it from people outside their contacts.
Indrajeet, a class XII student of Army Public School Narangi has reported two security loopholes in the WhatsApp web. He has described the first problem as WhatsApp photo privacy bug and the other as WhatsApp Web Photo Sync Bug.
�The new version of WhatsApp Web allows us to view a user�s profile image even if we are not on the contact list of that user. Even if the user has set the profile image privacy setting to Contacts Only, the profile picture can be viewed by out of contacts people as well,� said Indrajeet.
The second security concern is related to the WhatsApp Web Photo Syncing functionality.
�Whenever a user deletes a photo that was sent via the mobile version of WhatsApp application, the photo appears blurred and can�t be viewed. However, the same photo, which has already been deleted by the user from mobile WhatsApp version, can be accessible by Whatsapp Web as the photo does not get deleted from its web client, revealing the fact that mobile and web clients of the service are not synced properly,� said Indrajeet.
It needs to be mentioned here that these findings of Indrajeet have been carried by online news portals like thehackernews and softpedia.
