WhatsApp flaw could reveal all your past conversations
Posted on 12 March 2014.
A new WhatsApp flaw that allows any other application on your Android device to exfiltrate and decrypt past WhatsApp conversations has been discovered and revealed by security consultant Bas Bosschert.

"Facebook didn't need to buy WhatsApp to read your chats," he says, and explains: "The WhatsApp database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card. And since the majority of people allow everything on their Android device, this is not much of a problem."

The creator of a rogue application designed to do just that can hide what the app is really doing by showing a loading screen while the user is waiting for the app to start.

WhatsApp conversations have previously been stored in plain text, but newer versions of the app encrypt the databases storing them. Unfortunately, they are easily decrypted: Bosschert did it with a simple Python script, using the AES key he got from WhatsApp Xtract, a tool that backs up and displays WhatsApp chats on a computer.

Yes, WhatsApp apparently uses the same encryption key for every user.
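
Why a key shared by every installation gives no per-user confidentiality once other apps can read the backup file, shown as an added example (not Bosschert's script and not WhatsApp code). An HMAC-SHA256 keystream stands in for AES so the block runs on the standard library alone; every name, key and message here is constructed.

```python
import hashlib, hmac, os

APP_WIDE_KEY = bytes(range(32))  # constructed stand-in for one key shipped in every install

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for AES, for illustration only
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    body = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    """Return the plaintext, or None when the key does not match the backup."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return _xor_stream(_subkey(key, b"enc"), nonce, body)

def readable_with_app_key(backups):
    """What another app recovers if it reads the files and knows only APP_WIDE_KEY."""
    return [unseal(APP_WIDE_KEY, b) for b in backups]

CHATS = [b"alice: constructed message", b"bob: constructed message"]

def shared_key_backups():
    # Weak design: every user's backup is sealed under the same key.
    return [seal(APP_WIDE_KEY, c) for c in CHATS]

def per_install_backups():
    # Assumption: each install generates its own key and keeps it in app-private
    # storage, never next to the backup file on shared storage.
    keys = [os.urandom(32) for _ in CHATS]
    return keys, [seal(k, c) for k, c in zip(keys, CHATS)]

if __name__ == "__main__":
    print(readable_with_app_key(shared_key_backups()))
    print(readable_with_app_key(per_install_backups()[1]))
```

With the shared key, both users' backups open for anyone holding a copy of the app; with per-install keys the same reader gets nothing, while each owner can still restore their own backup.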

The company has still not commented on the issue, but some users did, and have pointed out that the approach only works when the WhatsApp backup feature is used, and the feature is not turned on by default.

WhatsApp has issued an update for the app today, but it didn't fix the issue.








