Whatsapp, the global messaging application that was added to Facebook’s collection of companies sometimes ago launched a feature with the application (although yet to come to older Blackberry device users) which would allow users make calls to themselves, charging them only data costs instead of the normal rates applied by service providers. However, as nice as this may sound, new research has popped up to suggest that the Whatsapp call feature might actually be a breeding ground for data harvesting for future purposes.
With the call feature, Whatsapp would be able to get things like call durations, phone numbers of users and other related information likewise which could then be put into use in the future for research and studies.
The article revealing this is titled “WhatsApp Network Forensics: Decrypting and Understanding WhatsApp Call Signaling Messages” and written by F. Karpisek (Brno University of Technology in the Czech Republic) and the duo of Ibrahim (Abe) Baggili and Frank Breitinger who are the co-directors of the Cyber Forensics Research & Education Group at the University of New Haven.
The observations that were made by these people according to their reports are as follows.
According to the researchers at the University of New Haven, WhatsApp uses FunXMPP protocol (deviated version of XMPP) XMPP has been used by Google for one its communication services, the Gtalk. The researchers were able to acquire a variety of artifacts from network traffic, including WhatsApp phone numbers, WhatsApp phone call establishment metadata and date-time stamps, and WhatsApp phone call duration metadata and date-time stamps.
They also were able to acquire WhatsApp’s phone call voice codec (Opus) and WhatsApp’s relay server IP addresses used during the calls.”
If carefully looked into, this looks like a flaw that might get exploited if Whatsapp doesn’t do something about it.