WhatsApp for Android has vulnerability that could make your conversations public to other apps

WhatsApp for Android has vulnerability that could make your conversations public to other apps
It has been discovered that popular cross-platform messenger WhatsApp has a vulneranability that could make Android users susceptible to their conversations being read by other apps.

Even with the company's major update for Android this week, Bas Bosschert, CTO at DoubleThink, has posted a method to accessing WhatsApp chats, using an exploit in the service's encryption.



Bosschert (via TCrunch) explains how it works:

"WhatsApp for Android stores conversations on the phone's SD card, which is accessible by many other apps on the phone as long as the user gives those apps the permissions they ask for (many apps ask for full access to the phone). This is an infrastructure issue for Android more than a gaping security flaw on the part of WhatsApp.

From there, a malicious app could access the WhatsApp conversation database. Savvy users will note that this is hardly a hack but more of a problem with Android's data sandboxing system."


The CTO built a test app to try out his method, using a distracting splash screen to entertain users while their conversations were being taken. More recently, WhatsApp has patched the database to block the SQLite hack, but Bosschert built his own custom Python script which can once again decrypt the database.

Written by: Andre Yoskowitz @ 12 Mar 2014 21:57
Tags
Android WhatsApp
Advertisement - News comments available below the ad
  • 3 comments
  • biglo30

    I was about to say that the logs was always there but they already stated in the article that its not really a hack.


    14.3.2014 10:16 #1

  • kutulu1

    Prefer the security of BBM anyway...

    14.3.2014 23:14 #2

  • A5J4DX

    Seriously why do they not solve these issues I bugs occur later but damn

    16.3.2014 10:20 #3

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud