x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • Android version of WhatsApp lets hackers read your messages

Android version of WhatsApp lets hackers read your messages

Posted: , by Alan F.

Tags:

Android version of WhatsApp lets hackers read your messages
Those using the Android version of WhatsApp might feel a bit violated. A flaw in the way that conversations are stored and encrypted allows hackers to use another app to read your messages. This flaw was discovered by Bas Bosschert, security expert and CTO at DoubleThink, and is still there despite an update on Tuesday to version 2.11.186.

WhatsApp keeps your conversations stored on a microSD card. If you have allowed other apps to access your microSD card, past conversations can be accessed. This is not just a problem with WhatsApp, but is something that afflicts other Android apps as well. And despite WhatsApp's encryption process, a savvy hacker can still crack the code.

While WhatsApp uses the microSD slot to capture conversations, it doesn't have to save them in this manner. If WhatsApp can change the way it stores conversations, they could be made more secure. Until then, it is just another security issue to worry about.

source: BasBosschert via RedmondPie

Like this story? Like us on Facebook to follow our posts:

44 Comments
  • Options
    Close




posted on 12 Mar 2014, 14:55 8

1. sprockkets (Posts: 1146; Member since: 16 Jan 2012)


A lot of bs in this posting - the code that extracts the msgs is right on xda's website, which allows android AND IPHONE users to crack their what's app messages.

Guess who didn't store the info on internal storage (properly sandboxed as sd cards with FAT on them can't use permissions) and properly encrypted them? Whatsapp. They already did poor crypto as it was and was warned about it almost over a year ago.

They may preach about their security but they actually suck royally at it.

posted on 12 Mar 2014, 16:19 8

2. Finalflash (Posts: 1545; Member since: 23 Jul 2013)


Damn why is Alan still working at PA, the other authors don't pull this crap. Why is this Android's fault, it is the developer that allows this method but the blame is on the OS for some reason. Also, a "hacker" has to decrypt the whole thing after they obtain it off the micro sd. So WHY do you have such serious enemies and if you really do, why are you messaging your nuclear launch codes on whatsapp? GOD, the article makes it look like the average school girl should now consider an iPhone (does WP have whatsapp yet?) because apparently her musings about her crush to her friends are now under threat (although said smart ass hacker could just get it off the iPhone as well).

posted on 12 Mar 2014, 16:33 3

3. Sauce (unregistered)


Because this is about a flaw in Android makes this "crap"? Stop getting so mad and mentally violated. If it is such a problem, every single article, why do you visit this website still? All I see you post is bitc**** comments on why Apple is the devil of the world lol.

posted on 12 Mar 2014, 18:10 6

8. Finalflash (Posts: 1545; Member since: 23 Jul 2013)


Lol are you stupid or something? I assume you have no idea how that whole mechanism works (probably didn't read the article either) so here's a quick explanation. Android allows saving data to SD.... Developer of whatsapp saves encrypted convos to SD.... Fan boy author blames OS when developer chose to do something they usually shouldn't. Note still, the data is encrypted and apparently you need a "hacker" to get at it... But that's not enough because apparently there are a lot of cryptography experts running around.

posted on 12 Mar 2014, 18:43 1

15. rodneyej1 (Posts: 3493; Member since: 06 Jul 2013)


Yet, if this was WP with the issue you would say WP is crap.. A lot of hypocrisy on your part lately....

posted on 13 Mar 2014, 12:05 1

39. sgodsell (Posts: 1014; Member since: 16 Mar 2013)


Well WP doesn't even let you choose directories or files because the WP OS is very limiting and restrictive. There isn't even a file explorer for WP. So since you brought up WP here, then yes it is crap.

posted on 13 Mar 2014, 05:49 1

36. RebelwithoutaClue (Posts: 564; Member since: 05 Apr 2013)


Although I do agree Google should work on a better sandbox implementation, I do think apps are to blame if they don't provide better security. Whatsapp knows how Android file system works and should have done more to protect it's files.

posted on 13 Mar 2014, 18:14 1

42. darkkjedii (Posts: 10306; Member since: 05 Feb 2011)


Dude FF had AMS (A)pple (M)enstral (S)yndrome. That dude got a serious H.O. For apple. Tim Cook had better beware.

posted on 12 Mar 2014, 16:36 4

4. noler (Posts: 164; Member since: 19 Aug 2013)


Yes, WP have whatsapp and instead of asking the right questions you defend Android like it's your wife. The right questions is why the OS allow other applications to access data that belong to another application?

posted on 12 Mar 2014, 18:11 4

9. Finalflash (Posts: 1545; Member since: 23 Jul 2013)


Because the developer allowed it... The OS can't do anything about it when the developer puts it in such a place by choice... Is that too difficult for you to understand?

posted on 12 Mar 2014, 18:24 2

11. Sauce (unregistered)


The OS could have better "micro defined" restriction, for this reason. Quit your bitc*ing. Stop getting trolled.

posted on 12 Mar 2014, 18:36 1

13. noler (Posts: 164; Member since: 19 Aug 2013)


This is exactly the problem "The OS can't do anything about it ".
"developer puts it in such a place"?? so SD is like an open garden that any app can steal Information and asset from other app? Maybe all the developers need to stop using SD because @Finalflash says "The OS can't do anything about it "

posted on 12 Mar 2014, 18:41 4

14. sprockkets (Posts: 1146; Member since: 16 Jan 2012)


Maybe they didn't make a wp version because they like have no marketshare for it, duh.

posted on 12 Mar 2014, 18:47

18. rodneyej1 (Posts: 3493; Member since: 06 Jul 2013)


WP doesn't have Whatsapp?... Did they pull it from the store?... What did I miss?

posted on 13 Mar 2014, 12:09 1

40. sgodsell (Posts: 1014; Member since: 16 Mar 2013)


If you want a simpleton device with no file explorer that is closed and filled with limits and restrictions, then WP is for you. But if you want to be able to control what goes on in your device, then Android is for everyone else.

posted on 12 Mar 2014, 16:45 5

5. PapaSmurf (Posts: 7659; Member since: 14 May 2012)


I accidentally clicked on this article. Good thing I did. Kicking back and watching the show.

posted on 12 Mar 2014, 16:54 2

6. Sauce (unregistered)


I suggest getting Orville Redenbacher kettle corn. Best crunch and all around flavor ;D

posted on 12 Mar 2014, 18:44

16. rodneyej1 (Posts: 3493; Member since: 06 Jul 2013)


Lol!!!... That's hilarious!!

posted on 13 Mar 2014, 18:16

43. darkkjedii (Posts: 10306; Member since: 05 Feb 2011)


Dude Finalflash has it in for apple, apple pie, apple jacks, apple cider, apple juice, candy apples, apple ale mode.

posted on 12 Mar 2014, 18:25 1

12. Topcat488 (Posts: 1123; Member since: 29 Sep 2012)


Dude calm down, You are right it's not Androids fault. The iphone can't be hacked because it "doesn't have a SD card". You have to pay $99.00 or more for the extra internal memory. But It'll be fixed soon, so chill. Anyway when FB takes over i'm uninstalling anyway what's app. O.o @post#2

posted on 13 Mar 2014, 18:11 1

41. darkkjedii (Posts: 10306; Member since: 05 Feb 2011)


Dude you really do have issues don't you? I bet you'd turn a goober peanut butter and jelly commercial into a negative apple rant lol. Man you need to get laid dude, something's not rite with you.

posted on 13 Mar 2014, 18:53

44. Sauce (unregistered)


If he ever were to get laid in his sorry sad life, I bet it would be from some guy. Lets just say, they won't be making eye contact.

posted on 12 Mar 2014, 19:25

19. InspectorGadget80 (Posts: 6205; Member since: 26 Mar 2011)


and a lot of lazy a$$ hackers.

posted on 12 Mar 2014, 17:25 2

7. sip1995 (Posts: 738; Member since: 07 Feb 2014)


Android=Malware

posted on 12 Mar 2014, 18:14 14

10. PapaSmurf (Posts: 7659; Member since: 14 May 2012)


2010 called. They said to get new jokes.

posted on 12 Mar 2014, 19:38 1

20. skyline88 (Posts: 309; Member since: 15 Jul 2013)


crappy iOS = Every-Ware

posted on 12 Mar 2014, 20:24 5

22. joey_sfb (Posts: 2712; Member since: 29 Mar 2012)


Why does your robot bleed? Common sense may not be that common after all.

posted on 12 Mar 2014, 22:19 1

29. sprockkets (Posts: 1146; Member since: 16 Jan 2012)


Btw this won't work in 4.4.

posted on 12 Mar 2014, 18:45

17. rodneyej1 (Posts: 3493; Member since: 06 Jul 2013)


Does the WP app have a security issue?

posted on 12 Mar 2014, 20:30 4

23. joey_sfb (Posts: 2712; Member since: 29 Mar 2012)


Yes! Of course. Since you asked.

http://www.neowin.net/news/wp7-avg-antivirus-app-is-possibly-spyware

posted on 12 Mar 2014, 22:07 1

26. elitewolverine (Posts: 1304; Member since: 28 Oct 2013)


how does this affect whats app on WP? That is like asking if WP serves icecream and talking about canoes...

posted on 13 Mar 2014, 03:09

32. rodneyej1 (Posts: 3493; Member since: 06 Jul 2013)


That's old, it's about WP7, and I'm talking about Whatsapp.... God man!.. What grade are you in?.. For real.. Answer the question.. What grade are you in????

posted on 12 Mar 2014, 20:37 3

24. joey_sfb (Posts: 2712; Member since: 29 Mar 2012)


Another example to that wp 8 security issue, this time from the horse's mouth Microsoft.

http://www.the41.com/buzz/press/microsoft-warns-windows-phone-8-wi-fi-weakness

posted on 12 Mar 2014, 22:10 1

27. elitewolverine (Posts: 1304; Member since: 28 Oct 2013)


Same for you, hey I wonder if WP Whats App has this issue.

Who knows but hey lets talk about wifi...oh look chipmunk, oh look another droid flaw, oh look google.process stopped...end transmission

posted on 12 Mar 2014, 22:17 2

28. joey_sfb (Posts: 2712; Member since: 29 Mar 2012)


Is this suppose to be funny? lol!

posted on 12 Mar 2014, 19:39 4

21. techperson211 (Posts: 494; Member since: 27 Feb 2014)


Well I don't use what's app.

posted on 12 Mar 2014, 21:40 4

25. JMartin22 (Posts: 754; Member since: 30 Apr 2013)


It's an exploit as someone mentioned on a developer level. Not a core OS issue. I don't know why PA keeps this posting this propaganda about Android... or wait, I do, web hits. This reminds me of the Windows OS vs Mac OS security debate a couple years back..

When you're less than 10% of the market share, have less content support and are connected to the Internet by countless millions less, of course the Mac was going to be labeled more "safe". But in actuality, real legitimate hackers and threats will violate and bypass anything that has enough interest and popularity.

posted on 13 Mar 2014, 01:03 2

30. Ishmeet (Posts: 111; Member since: 16 Sep 2013)


Perfectly true. People just say that android is a malware infested OS,and claim their platform of choice to be the safest. Malware is targeted due to large user base, not easy vulnerabilities. While it's entirely possible to infect other platforms with this kind of malware too, and was even demoed by a university, some time ago, in an experiment. But hackers don't do so due to comparitively less market as compared to android OS.

posted on 13 Mar 2014, 01:27 1

31. AfterShock (Posts: 2530; Member since: 02 Nov 2012)


WhatsApp lol.
I don't hangout there.

posted on 13 Mar 2014, 03:12

34. rodneyej1 (Posts: 3493; Member since: 06 Jul 2013)


Age?. Honest question, and don't be scared.. What's your age?... I'm 36...you???????

posted on 13 Mar 2014, 04:11

35. PapaSmurf (Posts: 7659; Member since: 14 May 2012)


Whaaaaaattt.... I'm over here thinking you're in your late twenties for some reason.

posted on 13 Mar 2014, 07:40

37. rodneyej1 (Posts: 3493; Member since: 06 Jul 2013)


If you meet me you would still think so.. Everyone does...
..........................
The thing is that a lot of these guys who are probably in their mid to late twenties act like their in their early teens!!

posted on 13 Mar 2014, 07:54

38. rodneyej1 (Posts: 3493; Member since: 06 Jul 2013)


Lol!! It's kinda funny that some of these idiots would question a grown man about why he likes something.. I've been using smartphones since some of these trolls were just beginning to beg their moms for their hand me down feature phones... Lol!
I remember when iOS, and And Android, finally came around and everyone thought Shazam was amazing.. Lol!.. I had been using it for years... Maybe that's why I find it funny that people look down on WP for apps... With my years of using a smartphone I've learned that certain things aren't as important than others... In other words, my first smartphone, a WinMo device, performed like crap.. Once I experienced WP7, and it's performance was flawless, I was hooked by just that.. That alone was enough for me at first, and I was willing to sacrifice everything that Android, and iOS, had to offer just to have a trouble free experience.. And trust me I sacrificed a lot!
...................
A lot of people feel this way, so that says a lot for what MS came up with back in 2010.. Choosing WP is a very conscious decision on our parts, and people need to respect why we do...
..................
Nobody is naive to the faults of the platform, as trolls think, but it's improving... The irony of the situation is that as WP gets more features, and apps, that super fluid experience is kinda falling back, compared to version 7.xx..... Example?........XBM!

* Some comments have been hidden, because they don't meet the discussions rules.

Want to comment? Please login or register.

Latest stories