Nick H. Supervisor Posted October 8, 2012 Supervisor Share Posted October 8, 2012 WhatsApp accounts almost completely unprotectedTests performed by The H's associates at heise Security have found that popular texting alternative WhatsApp is easily hacked using freely available tools. Anyone using WhatsApp on a public Wi-Fi network risks having their data sniffed and their account used to send and receive messages. Once hacked, there is no way to restore account security ? attackers will be able to continue to use the hacked account at their discretion. Over the last week the lack of security inherent in WhatsApp's authentication has gradually become clear. Researchers have discovered that the client uses an internally generated password to log on to the server; this password is generated on Android devices from the device's serial number (IMEI) and on iOS devices from the MAC address of the Wi-Fi interface. The problem with this is that the information is anything other than secret ? the IMEI can often be found on stickers inside of Android phones (usually under the battery) and can also be obtained using a shortcut key combination or by any app. Source and more. Considering the age of this article (14th September) I'm assuming this isn't news to anyone? I couldn't find a thread about it though, so figured I'd post to be sure. Link to comment https://www.neowin.net/forum/topic/1110809-whatsapp-accounts-almost-completely-unprotected/ Share on other sites More sharing options...
Steven P. Administrators Posted October 8, 2012 Administrators Share Posted October 8, 2012 Yeah I reported about this in August https://www.neowin.net/news/whatsapp-back-on-the-windows-phone-marketplace Link to comment https://www.neowin.net/forum/topic/1110809-whatsapp-accounts-almost-completely-unprotected/#findComment-595233021 Share on other sites More sharing options...
neo1911 Posted October 8, 2012 Share Posted October 8, 2012 Probably username and password based security may have to be implemented. Link to comment https://www.neowin.net/forum/topic/1110809-whatsapp-accounts-almost-completely-unprotected/#findComment-595233025 Share on other sites More sharing options...
Nick H. Supervisor Posted October 8, 2012 Author Supervisor Share Posted October 8, 2012 Yeah I reported about this in August http://www.neowin.ne...one-marketplace Oh yeah. Although I'm surprised there isn't an update on this, is there? I thought Whatsapp was quite a widely used app? Link to comment https://www.neowin.net/forum/topic/1110809-whatsapp-accounts-almost-completely-unprotected/#findComment-595233027 Share on other sites More sharing options...
+InsaneNutter MVC Posted October 8, 2012 MVC Share Posted October 8, 2012 Now read that myself, however i was aware Whatsapp is very insecure. Another interesting article from May this year: WhatsAppSniffer Shames WhatsApp's Plaintext, Unprotected Chat Transfer Protocol, Shows Off Just How Much Can Be Sniffed. It looks like that was finally patched in August: WhatsApp no longer sends plain text WhatsApp appear to be threating legal action over people creating tools that exploit the service: http://www.h-online....rs-1716912.html ... why not just secure it then surly such tools will be useless?! Link to comment https://www.neowin.net/forum/topic/1110809-whatsapp-accounts-almost-completely-unprotected/#findComment-595233029 Share on other sites More sharing options...
The Dark Knight Posted October 8, 2012 Share Posted October 8, 2012 WhatsApp appear to be threating legal action over people creating tools that exploit the service: http://www.h-online....rs-1716912.html ... why not just secure it then surly such tools will be useless?! Because it is a lot easier to sue instead of improving your own stuff. :D A certain other company is also famous for this. ;) javagreen 1 Share Link to comment https://www.neowin.net/forum/topic/1110809-whatsapp-accounts-almost-completely-unprotected/#findComment-595233041 Share on other sites More sharing options...
Recommended Posts