Whatsapp flaw could reveal all your past conversations
Posted on 12 March 2014.
A new Whatsapp flaw that allows any other application on your Android device to exfiltrate and decrypt past Whatsapp conversations has been discovered and revealed by security consultant Bas Bosschert.

"Facebook didn't need to buy WhatsApp to read your chats," he says, and explains: "The WhatsApp database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card. And since majority of the people allows everything on their Android device, this is not much of a problem."

The creator of a rogue application designed to do just that can hide what the app is really doing by showing a loading screen while the user is waiting for the app to start.

Whatsapp conversations have previously been stored in plain text, but newer versions of the app encrypt the databases storing them. Unfortunately, they are easily decrypted - Bosschert did it with a simple Python script, using the AES key he got from Whatsapp Xtract, a tool that backs up and displays Whatsapp chats on a computer.

Yes, Whatsapp apparently uses the same encryption key for every user.

The company has still not commented on the issue, but some users did, and have pointed out that the approach only works when the WhatsApp backup feature is used, and the feature is not turned on by default.

Whatsapp has issued an update for the app today, but it didn't fix the issue.








