AfterDawn: Tech news

WhatsApp for Android has vulnerability that could make your conversations public to other apps

Written by Andre Yoskowitz (Google+) @ 12 Mar 2014 21:57 User comments (3)

WhatsApp for Android has vulnerability that could make your conversations public to other apps It has been discovered that popular cross-platform messenger WhatsApp has a vulneranability that could make Android users susceptible to their conversations being read by other apps.
Even with the company's major update for Android this week, Bas Bosschert, CTO at DoubleThink, has posted a method to accessing WhatsApp chats, using an exploit in the service's encryption.

Bosschert (via TCrunch) explains how it works:

"WhatsApp for Android stores conversations on the phone's SD card, which is accessible by many other apps on the phone as long as the user gives those apps the permissions they ask for (many apps ask for full access to the phone). This is an infrastructure issue for Android more than a gaping security flaw on the part of WhatsApp.

From there, a malicious app could access the WhatsApp conversation database. Savvy users will note that this is hardly a hack but more of a problem with Android's data sandboxing system."


The CTO built a test app to try out his method, using a distracting splash screen to entertain users while their conversations were being taken. More recently, WhatsApp has patched the database to block the SQLite hack, but Bosschert built his own custom Python script which can once again decrypt the database.

More news

Previous Next

Related news

 

3 user comments

114.3.2014 10:16

I was about to say that the logs was always there but they already stated in the article that its not really a hack.



214.3.2014 23:14

Prefer the security of BBM anyway...

316.3.2014 10:20

Seriously why do they not solve these issues I bugs occur later but damn

Comments have been disabled for this article.

News archive