If useste the application WhatsApp for chatting with friends, you should be very careful if you have it enabled feature of using the location “Location Share.”
While there is no problem communicating with WhatsApp between your phone and the company's most SSL-encapsulated server, a new security gap makes the application vulnerable to hackers.
According to UNH Cyber Forensics researchers Research & Education Group, the WhatsApp service that shows the location of the owner could put you at risk. But let's look at the vulnerability.
When you share your position through WhatsApp, you first have to locate yourself through Google Map in an app window as shown below:
Once you select your location, WhatsApp gives you a thumbnail image from Google Map service to share the icon with your friends. Unfortunately, WhatsApp downloads this one picture from Google, from channels that are not encrypted and thus a Man-in-the-middle attack could be carried out, as shown in the demonstration video below.
An image could be enough to expose your location, but practically this attack is only possible when the attacker and the victim are connected to the same network. This is something that greatly facilitates Man-in-the-middle attacks.
Researchers have already reported this flaw in the WhatsApp team and have already been corrected in the latest beta version of the application available on their official website, as reported by THN.
