Security flaw on Android version of WhatsApp could leave user chats exposed

first_imgA SECURITY FLAW in the Android version of WhatsApp, which allows another application to upload a user’s chats without permission, was discovered.Bas Bosschert, a security consultant from Holland, found a loophole which would allow third-party app developers to gain access to a user’s entire message database.Since WhatsApp backs up its chat history and stores it on an Android device’s SD card, any app developer which asks for access to a phone’s SD card can then read and upload WhatsApp’s database. According to Bosschert:The WhatsApp database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card. And since [the] majority of people allow everything on their Android device, this is not much of a problem. Android only allows developers full access to the SD card storage or none at all. Any application that can read and write to the external storage can also read what other applications are stored there.While later versions of WhatsApp encrypt the database, they use a key which can be easily extracted from the app using third-party tools like WhatsApp Xtract.This isn’t the first time WhatsApp has been at the centre of security concerns. Back in October, Thijs Alkemade, a computer science and mathematics student at Utrecht University in the Netherlands, found that WhatsApp’s ingoing and outgoing messages were encrypted with the same key.This meant that by intercepting a message, you could cancel out the key and recover the plain text by analysing themRead: WhatsApp apologises after ‘server issues’ affect millions worldwide >Read: The knock-on effect: WhatsApp rival adds 8m users in 4 days >last_img read more

Read more


Tags: , , , ,