
WhatsApp for Android security flaw exposes your chats

Lewis Leong


A new security flaw was found in WhatsApp for Android, which allows third-party applications to read your chats. This is a separate issue from the possible fake messages that can be sent using the app.

Facebook didn’t need to buy WhatsApp to read your chats.

A system administrator named Bas Bosschert found the vulnerability. He created an app that quietly uploads a user’s WhatsApp chat history to a server controlled by an attacker. The flaw requires a user to give permission for a third-party app to access the memory of the device. Users often accept sweeping permissions like this on Android without reading closely.

WhatsApp encrypts chat databases, but the encryption keys are readily available. The open-source tool Xtract makes chat backup easy, but it can also decrypt chat databases.

“So, we can conclude that every application can read the WhatsApp database and it is also possible to read the chats from the encrypted databases. Facebook didn’t need to buy WhatsApp to read your chats,” writes Bosschert in a blog post.

We’ve reached out to WhatsApp for comment and will update this story when we hear back.

Source: Bas Bosschert | Ars Technica
