Android version of WhatsApp lets hackers read your messages

Those using the Android version of WhatsApp might feel a bit violated. A flaw in the way that conversations are stored and encrypted allows hackers to use another app to read your messages. This flaw was discovered by Bas Bosschert, security expert and CTO at DoubleThink, and is still there despite an update on Tuesday to version 2.11.186.

WhatsApp keeps your conversations stored on a microSD card. If you have allowed other apps to access your microSD card, past conversations can be accessed. This is not just a problem with WhatsApp, but is something that afflicts other Android apps as well. And despite WhatsApp's encryption process, a savvy hacker can still crack the code.

While WhatsApp uses the microSD card to store conversations, it doesn't have to save them in this manner. If WhatsApp changes the way it stores conversations, they could be made more secure. Until then, it is just another security issue to worry about.
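
The storage choice described above, as an added example (not WhatsApp's code and not from the original article): the same backup written to the shared microSD path and to the app's private internal storage. The class, method, directory and file names are hypothetical; the Android calls used are `Environment.getExternalStorageDirectory()` and `Context.getFilesDir()`.

```java
import android.content.Context;
import android.os.Environment;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;

/** Hypothetical helper; class, method, directory and file names are illustrative. */
public final class ConversationBackup {
    private static final String BACKUP_NAME = "conversations.bak"; // constructed name

    private ConversationBackup() {}

    /**
     * Weak: shared external storage (the microSD card). FAT-formatted cards
     * carry no per-file permissions, so any app that has been granted
     * storage access can read this file.
     */
    public static File writeToSharedStorage(byte[] data) throws IOException {
        File dir = new File(Environment.getExternalStorageDirectory(), "ExampleApp/Backups");
        if (!dir.isDirectory() && !dir.mkdirs()) {
            throw new IOException("cannot create " + dir);
        }
        File out = new File(dir, BACKUP_NAME);
        write(out, data);
        return out;
    }

    /**
     * Hardened: app-private internal storage. The file lives in the app's own
     * data directory, which the OS sandbox keeps other apps out of.
     */
    public static File writeToPrivateStorage(Context ctx, byte[] data) throws IOException {
        File out = new File(ctx.getFilesDir(), BACKUP_NAME);
        write(out, data);
        return out;
    }

    /** True if the file resolves to a path inside this app's private data directory. */
    public static boolean isAppPrivate(Context ctx, File f) throws IOException {
        String root = ctx.getFilesDir().getParentFile().getCanonicalPath() + File.separator;
        return f.getCanonicalPath().startsWith(root);
    }

    private static void write(File out, byte[] data) throws IOException {
        try (FileOutputStream fos = new FileOutputStream(out)) {
            fos.write(data);
        }
    }
}
```

`isAppPrivate` can be used as a guard in code review or in an instrumentation test to confirm that sensitive files never land on the shared card.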

source: BasBosschert via RedmondPie

45 Comments

1. sprockkets

Posts: 1612; Member since: Jan 16, 2012

A lot of bs in this posting - the code that extracts the msgs is right on xda's website, which allows Android AND IPHONE users to crack their WhatsApp messages. Guess who didn't store the info on internal storage (properly sandboxed as sd cards with FAT on them can't use permissions) and properly encrypted them? Whatsapp. They already did poor crypto as it was and were warned about it almost over a year ago. They may preach about their security but they actually suck royally at it.

2. Finalflash

Posts: 4063; Member since: Jul 23, 2013

Damn why is Alan still working at PA, the other authors don't pull this crap. Why is this Android's fault, it is the developer that allows this method but the blame is on the OS for some reason. Also, a "hacker" has to decrypt the whole thing after they obtain it off the micro sd. So WHY do you have such serious enemies and if you really do, why are you messaging your nuclear launch codes on whatsapp? GOD, the article makes it look like the average school girl should now consider an iPhone (does WP have whatsapp yet?) because apparently her musings about her crush to her friends are now under threat (although said smart ass hacker could just get it off the iPhone as well).

3. Sauce unregistered

Because this is about a flaw in Android makes this "crap"? Stop getting so mad and mentally violated. If it is such a problem, every single article, why do you visit this website still? All I see you post is bitc**** comments on why Apple is the devil of the world lol.

8. Finalflash

Posts: 4063; Member since: Jul 23, 2013

Lol are you stupid or something? I assume you have no idea how that whole mechanism works (probably didn't read the article either) so here's a quick explanation. Android allows saving data to SD.... Developer of whatsapp saves encrypted convos to SD.... Fan boy author blames OS when developer chose to do something they usually shouldn't. Note still, the data is encrypted and apparently you need a "hacker" to get at it... But that's not enough because apparently there are a lot of cryptography experts running around.

15. rodneyej1

Posts: 3576; Member since: Jul 06, 2013

Yet, if this was WP with the issue you would say WP is crap.. A lot of hypocrisy on your part lately....

39. sgodsell

Posts: 7456; Member since: Mar 16, 2013

Well WP doesn't even let you choose directories or files because the WP OS is very limiting and restrictive. There isn't even a file explorer for WP. So since you brought up WP here, then yes it is crap.

36. RebelwithoutaClue unregistered

Although I do agree Google should work on a better sandbox implementation, I do think apps are to blame if they don't provide better security. Whatsapp knows how the Android file system works and should have done more to protect its files.

42. darkkjedii

Posts: 31328; Member since: Feb 05, 2011

Dude FF had AMS (A)pple (M)enstrual (S)yndrome. That dude got a serious H.O. for Apple. Tim Cook had better beware.

4. noler

Posts: 326; Member since: Aug 19, 2013

Yes, WP has WhatsApp, and instead of asking the right questions you defend Android like it's your wife. The right question is why the OS allows other applications to access data that belongs to another application?

9. Finalflash

Posts: 4063; Member since: Jul 23, 2013

Because the developer allowed it... The OS can't do anything about it when the developer puts it in such a place by choice... Is that too difficult for you to understand?

11. Sauce unregistered

The OS could have better "micro defined" restriction, for this reason. Quit your bitc*ing. Stop getting trolled.

13. noler

Posts: 326; Member since: Aug 19, 2013

This is exactly the problem "The OS can't do anything about it ". "developer puts it in such a place"?? so SD is like an open garden that any app can steal Information and asset from other app? Maybe all the developers need to stop using SD because @Finalflash says "The OS can't do anything about it "

14. sprockkets

Posts: 1612; Member since: Jan 16, 2012

Maybe they didn't make a wp version because they like have no marketshare for it, duh.

18. rodneyej1

Posts: 3576; Member since: Jul 06, 2013

WP doesn't have Whatsapp?... Did they pull it from the store?... What did I miss?

40. sgodsell

Posts: 7456; Member since: Mar 16, 2013

If you want a simpleton device with no file explorer that is closed and filled with limits and restrictions, then WP is for you. But if you want to be able to control what goes on in your device, then Android is for everyone else.

5. PapaSmurf

Posts: 10457; Member since: May 14, 2012

I accidentally clicked on this article. Good thing I did. Kicking back and watching the show.

6. Sauce unregistered

I suggest getting Orville Redenbacher kettle corn. Best crunch and all around flavor ;D

16. rodneyej1

Posts: 3576; Member since: Jul 06, 2013

Lol!!!... That's hilarious!!

43. darkkjedii

Posts: 31328; Member since: Feb 05, 2011

Dude Finalflash has it in for apple, apple pie, apple jacks, apple cider, apple juice, candy apples, apple ale mode.

12. Topcat488

Posts: 1416; Member since: Sep 29, 2012

Dude calm down, you are right, it's not Android's fault. The iPhone can't be hacked because it "doesn't have a SD card". You have to pay $99.00 or more for the extra internal memory. But it'll be fixed soon, so chill. Anyway, when FB takes over I'm uninstalling WhatsApp anyway. O.o @post#2

41. darkkjedii

Posts: 31328; Member since: Feb 05, 2011

Dude you really do have issues don't you? I bet you'd turn a goober peanut butter and jelly commercial into a negative apple rant lol. Man you need to get laid dude, something's not right with you.

44. Sauce unregistered

If he ever were to get laid in his sorry sad life, I bet it would be from some guy. Let's just say, they won't be making eye contact.

19. InspectorGadget80 unregistered

and a lot of lazy a$$ hackers.

7. sip1995

Posts: 1771; Member since: Feb 07, 2014

Android=Malware

10. PapaSmurf

Posts: 10457; Member since: May 14, 2012

2010 called. They said to get new jokes.

20. skyline88

Posts: 698; Member since: Jul 15, 2013

crappy iOS = Every-Ware

22. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

Why does your robot bleed? Common sense may not be that common after all.

29. sprockkets

Posts: 1612; Member since: Jan 16, 2012

Btw this won't work in 4.4.

17. rodneyej1

Posts: 3576; Member since: Jul 06, 2013

Does the WP app have a security issue?

23. joey_sfb

Posts: 6794; Member since: Mar 29, 2012
