(First Published on Medium February 2020)
Further to my recent blog post on how we can leverage messenger apps for OSINT. I mentioned two apps that needed further examination, WeChat & IMO, the below is above and beyond entering a subject mobile number which you want to research but will give you a taster of what you can find.
Within the UK we have communities that are culturally diverse who have international heritage. This I’m sure will be replicated within Western Europe and the US too. It is important as an OSINT investigator in that case to look beyond the popular Western apps such as WhatsApp.
WeChat is enormously popular in China with over 1.132 billion monthly active users. A figure I found from 2016 suggested that WeChat is used by 70 million people outside of China too.
IMO isn’t as popular but boasts in the region of 200 million users as of 2018. From the research I carried out on the app, it appears popular in the Middle East, Pakistan & India.
Now both these apps appear not to have the same privacy considerations as other more popular messengering apps. This maybe down to a different cultural attitude towards privacy. From the articles I have read certainly the Chinese Government appears to have an amount of influence in relation to WeChat. I mentioned previously I was having issues with the desktop client, this I believe is down to the use of a VPN and other Opsec measures deployed.
WeChat is China’s version of Facebook, plus more. It has a search bar functionality, you can use it to buy items in a similar way to Apple Pay or Google Pay. I’ll stop there.
So moving on, within the WeChat, Discover menu you will see people who are nearby your location. I tested this feature at a venue I went to recently and it was showing people within 100 metres of my location. (I haven’t tested its accuracy)
The following information was using Paris as my location, someone appeared to be within 600 metres of my location however they do not appear to be a Parisian. In essence when you create your WeChat account you select the Region you are from. This person was from the city of Fuzhou in the Fujian Province of China.
The, “What’s Up” field is an area where you can add pretty much anything you like. In this case a mobile number appears to have been entered which has a French prefix. (Maybe a tourist who has purchased a French mobile for their trip.)
Now to protect this person privacy I won’t include any screenshots etc but what I can tell you, is that there was a name and profile picture. WeChat has a, Moments page on a user profile, similar if you will to Facebook’s Timeline On the 24th November 2019 this user had posted a picture of them self with the back drop of a coastline.
So we have a location, profile picture, name, mobile number and recent visited location, which could be reversed image searched, all within about 5 minutes.
IMO will show you in the, Explore, menu who is presently Online, Nearby Groups and also a Live option, which allows you to stream live. When I tested this on a burner I-Phone the live option wasn’t available. Within the Live menu you have, Recommend, Nearby, Language & Country.
These Explore options are no way as granular as WeChat. So for instances the, “Nearby Group” option returns groups quite a distance away probably reflected in the fact that this app is not as popular as WeChat.
The, “Who is presently on line,” will allow you to send a, “Wave” to anyone and they can also sent you a wave back. Once you accept a wave you can start chatting. You do not have to sent a, “Wave” to see their profile information.
From an OSINT perspective it allows you access to their profile picture and any other bio information they may have on show. You will obtain the name that they have given themselves too as is the same with WeChat. Something to note, you can see people who have visited you in your profile settings so it goes without saying that your subject will be able to see your visits too.
So I looked at someone who was online and found the following information came from the first person on the list.
Name, profile picture, the city in the UK where they lived, their employment status, current relationship status as well as what may have been a picture of their living room. Clearly from an OSINT perspective there are opportunities to explore from what has been found.
Now the purpose of this blog is to highlight the potential for OSINT if we look outside of the traditional messaging apps that we associate with the West and to give a little bit of an insight on what can be found. If you want to use this blog to improve your privacy, then that’s cool too.
Disclaimer:- before attempting to use any of these apps please think of your OpSec and do not use any device that is linked to you personally. What you discover will be dictated by the privacy settings of the other users.
Also a little clarity in relation to the use of an emulator, one article I read in relation to WeChat stated that if WeChat detected the use of an emulator they would suspend your account.
In my next blog I will write about the setup I used to conduct the research into the messenger apps.