jumia

Friday, 14 March 2014

Are your WhatsApp chats safe? Warning as security expert says rogue Android apps could reveal your entire history to hackers

  • Security expert published 'proof of concept' complete with code
  • Could allow rogue apps to sens a chat history to hackers
  • Whatsapp says claim is 'overstated'
Flaws in Android could be used to allow hackers to read WhatApp chats, it has been claimed.
Dutch security expert Bass Bosschert said the flaw allowed any app to read and send chat logs.
He fears it could be used by hackers to create 'rogue' apps.
Dutch security expert Bass Bosschert said the flaw allowed any app to read and send chat logs.
Dutch security expert Bass Bosschert said the flaw allowed any app to read and send chat logs.

'The WhatsApp database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card.


'And since majority of the people allows everything on their Android device, this is not much of a problem,' Bas Bosschert wrote on his blog.
He outlined the steps needed - and even provided the code to do it.
'What do we need to steal someone's WhatsApp database? First we need a place to store the database," Bosschert explained. 
'Next thing we need is an Android application which uploads the WhatsApp database to the website.'
He also revealed how to add the required code to an existing app.
'By doing the magic in the loading screen you can also add this code to a real application instead of the Hello World message you see now.
'Combine it with something like FlappyBird and a description how to install applications from unknown sources and you can harvest a lot of databases.'
The flaw only affects Android handsets - with iPhone and Windows Phone users in the clear
The flaw only affects Android handsets - with iPhone and Windows Phone users in the clear

'So, we can conclude that every application can read the WhatsApp database and it is also possible to read the chats from the encrypted databases.
'Facebook didn’t need to buy WhatsApp to read your chats.'
Whatsapp said the claims have been overstated.
'We are aware of the reports regarding a ‘security flaw,’ it told TechCrunch.
'Unfortunately, these reports have not painted an accurate picture and are overstated.
'Under normal circumstances the data on a microSD card is not exposed.
'However, if a device owner downloads malware or a virus, their phone will be at risk.
'As always, we recommend WhatsApp users apply all software updates to ensure they have the latest security fixes and we strongly encourage users to only download trusted software from reputable companies.'


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)