Researchers discover security vulnerability in WhatsApp
10 comments
·November 19, 2025londons_explore
Sophira
Phone numbers were never supposed to be secret.
Nor were social security numbers.
ale42
A bit disappointing, I thought everybody knew it was possible to "enumerate" Whatsapp accounts? I was hoping for something more juicy like RCE...
ruinin
The most interesting vulnerability is the reuse of cryptographic keys, some of it apparently by design, like when transferring one's account to a new number - this can apparently be used to correlate identities despite the change of phone number.
Also, from examining the published data set I found it interesting that there are only five WhatsApp users registered in North Korea. I wonder who they are.
SweetSoftPillow
I'm almost 100% sure that one of them is the only North Korean Steam user.
mlmonkey
"security vulnerability" ....
TZubiri
Security vulnerability is a bit strong, but I don't blame news salesmen for making clickbait, it's all in the game
Krasnol
If you can identify a person in a country where WA shouldn't be available by sniffing out their profile, it may even end up being a deadly security vulnerability, but I don't blame someone on a tech bro forum for making a edgy comment, it's all in the game.
perch56
In a kinetic warfare or authoritarian context, this is rather a life safety vulnerability. In the industry, we call this the crossover from Information Security (InfoSec) to Operational Security (OpSec), where a digital flaw becomes a Kinetic Threat.
catmanjan
Kinetic Threat, thats a good one, I'm going to kinetically threaten your face!
The only fix to this is to replace phone numbers by secret 256 bit keys that are never reused...
Never gonna happen.