WhatsApp security flaw reportedly leaves your private messages at risk

[Justin Kahn]

An IT expert has uncovered another flaw in the popular messaging service WhatsApp. According to Netherlands based technical consultant Bas Bosschert, Android WhatsApp users are at risk of having their messages stolen.

Bosschert, who has more than a decade working in the field, said that it is very possible for developers to access chat history if the user isn't careful about which apps they download. By getting a user to install a malicious app, obviously disguised as something legitimate, the attacker can easily access his or her chat history from the back-ups WhatsApp makes on their device's SD card.

Described in detail on Bosschert's blog, code can be added to an Android game, for example, that would allow an attacker to stealthily extract WhatsApp data. Bosschert said the user would just see the game's load screen but they "wouldn't notice that their WhatsApp database has been uploaded" to the attacker's servers.

Previously, WhatsApp security was in question when computer science student Thijs Alkemade from the Netherlands said that ingoing and outgoing messages are encrypted with the same key. The issue being that this allows attackers to cancel out the key and easily recover the plain text data.

While Google specifically bans apps that collect info without the user's knowledge, as we all know this hasn't completely stopped other malicious software from appearing in the past. Users can avoid these kinds of apps by very carefully examining the permissions as well as ensuring the validity of the app's source before downloading and installing them.

Permalink to story.

https://www.techspot.com/news/55970-whatsapp-security-flaw-reportedly-leaves-your-private-messages-at-risk.html

 

[Lionvibez]

"Users can avoid these kinds of apps by very carefully examining the permissions as well as ensuring the validity of the app's source before downloading and installing them."

The problem with this is it requires you to read.

Most users can't be bothered to read they just install being a tech novice is down right danagerous these days.

Its almost to the point now where hackers can quit their days jobs and just do this 24/7 with all the sheepish easy targets out there.

 

[Skidmarksdeluxe]

I don't know what the big deal is. All apps can be compromised as far as I'm concerned. If attackers have nothing better to do than read my WhatsApp messages then they must lead a dull boring life.

 

[Capaill]

Given there are so many different permissions, many of which have very vague descriptions, does anyone really know which permission we are supposed to avoid? I always check the permissions of apps or updates but can't always tell how much damage an app can do by me accepting its permissions.

I have one game which has an update that requires the permission to Record Audio. Ain't no way I'm accepting that!

 

[Kibaruk]

If you install malware on your phone, you compromise the whole thing not just an app, that maybe one app is more susceptible or easy to compromise is another story but in the end a compromised phone is a compromised phone.

 

[Guest]

I have one game which has an update that requires the permission to Record Audio. Ain't no way I'm accepting that!

I've never heard of any game that requires the permission to Record Audio and I played lots of different games. What's the name of that game?

 

[Capaill]

Bunny Shooter best free game.
Like angry birds but with a bow and arrows. Was a good game til I saw that permission.

 

[Guest]

Bunny Shooter best free game.

Like angry birds but with a bow and arrows. Was a good game til I saw that permission.

Thanks for the info.