Users of the popular messaging platform WhatsApp, which Facebook acquired for $16 billion last month, may be facing a major security flaw.
According to security consultant Bas Bosschert, whose findings first surfaced via the Hacker News message forum, it's possible for others to access your private WhatsApp chats.
When you use the app's built-in backup mechanism, for example to avoid losing messages after uninstalling and reinstalling the app or to move them to a new device, WhatsApp allegedly uses the same encryption key to protect your backup and everyone else's (instead of creating a unique key for each user).
This means the backup goes into a database held in insecure storage, and the chats could potentially be read and stolen by another app. In theory, the developer behind another app could decrypt and ultimately gain access to those messages.
Bosschert notes on his website that the WhatsApp database is saved on an SD card that can be read by any Android app if a user gives access to it. This is a common practice in the app space.
"Since the majority of people allows everything on their Android device, this is not much of a problem," Bosschert writes.
WhatsApp has not yet responded to a request for comment.
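The difference between one key shared by every install and a unique key per user can be shown in a few lines. This is an added example, not code from WhatsApp or from Bosschert's write-up. The shared key is a constructed value, the HMAC-based keystream is a standard-library stand-in for a real cipher, and deriving the per-user key from a passphrase is an assumed design.

```python
import hashlib, hmac, os

# Constructed stand-in for a key compiled into every copy of an app.
SHARED_APP_KEY = hashlib.sha256(b"constructed-demo-key").digest()

def _subkeys(key):
    # Separate encryption and MAC keys derived from the one input key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher (assumption).
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    # Encrypt-then-MAC; output layout is nonce || ciphertext || tag.
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob):
    # Returns the plaintext, or None when the key is wrong or the blob was altered.
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(enc_key, nonce, ct)

def per_user_key(user_secret, salt):
    # Hypothetical design: key derived from a secret only this user holds.
    return hashlib.pbkdf2_hmac("sha256", user_secret, salt, 200_000)

def demo():
    chat = b"constructed chat backup for alice"
    weak = seal(SHARED_APP_KEY, chat)  # same key on every install
    salt = os.urandom(16)
    strong = seal(per_user_key(b"alice passphrase", salt), chat)
    return {
        "any_install_opens_weak": open_sealed(SHARED_APP_KEY, weak) == chat,
        "shared_key_opens_strong": open_sealed(SHARED_APP_KEY, strong) is not None,
        "other_user_opens_strong": open_sealed(per_user_key(b"bob passphrase", salt), strong) is not None,
        "owner_opens_strong": open_sealed(per_user_key(b"alice passphrase", salt), strong) == chat,
    }
```

With a shared key, encrypting the backup adds nothing once the file sits in storage other apps can read; with a per-user key, the same file stays opaque to everyone but its owner.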