WhatsApp Security Flaw Means Your Messages May Not Actually Be Private

  • 11 March 2014
  • 1 reply

Users of the popular messaging platform WhatsApp — which was acquired by Facebook for $16 billion last month — may be facing a major security flaw.

According to security consultant Bas Bosschert (whose findings first surfaced via the Hacker News message forum), it's possible for others to access your private WhatsApp chats.

When you use the app's built-in back-up mechanism — let's say to prevent losing messages after uninstalling/reinstalling the app or moving them to a new device — WhatsApp is allegedly using the same encryption code to protect you and everyone else (instead of creating a unique key for each user).

This means the backup is going to a database with insecure storage and the chats could potentially be read and stolen by another app. In theory, the developer behind another app could decrypt and ultimately gain access to those messages.

Bosschert notes on his website that the WhatsApp database is saved on an SD card that can be read by any Android app if a user gives access to it. This is a common practice in the app space.

"Since the majority of people allows everything on their Android device, this is not much of a problem," Bosschert writes.

WhatsApp has not yet responded to a request for comment.
 
Source Article

1 reply

My sister will be mad if this happens to her!
