InfoSecBulletin Cybersecurity for mankind
WhatsApp introduces a privacy feature called “Protect IP Address in Calls.” This feature masks users’ IP addresses by relaying the calls through its servers.
WhatsApp stated that calls are end-to-end encrypted, meaning that even if a call goes through their servers, they cannot listen to the calls.
CVE-2025-43859
Request Smuggling Vulnerability in Python’s h11 HTTP Library
NVIDIA Releases Security Update For GPU Driver Vulnerabilities
‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA
159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure
NVIDIA NeMo Framework Vuln Allow Attackers RCE
Cisco Issued Urgent Security Advisories For Multiple Products
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing
GitLab Releases Security Update For Multiple Vulns
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
The main idea is to increase the difficulty for malicious people on the call to figure out the user’s location. This is done by securely sending the connection through WhatsApp servers. But, there is a small decrease in call quality when using the privacy option.
ALSO READ:
Microsoft Authenticator blocks suspicious MFA alerts by default
It’s similar to Apple’s iCloud Private Relay. It adds a layer of anonymity by routing users’ Safari browsing sessions through two secure internet relays.
The “Protect IP Address in Calls” feature has been in development since at least August 2023, according to WABetaInfo.
WhatsApp said that enabling this feature would relay all calls through their servers, protecting your IP address and preventing others from determining your general location.
“This new feature provides an additional layer of privacy and security particularly geared towards our most privacy-conscious users.”
The feature enhances user privacy and security by ensuring unwanted contact is filtered and minimizing the risk of zero-click attacks and spyware.
WhatsApp’s silenced call feature uses a special protocol to minimize the processing of data controlled by attackers. This is done by using a privacy token.
When making a call, the caller includes the recipient’s privacy token in the message. The server then checks the validity of the token and other factors to decide if the recipient allows the caller to call them.
“For privacy reasons, the server does not gain knowledge of the specific relationship between caller and recipient from the token.”
