How Secure Is WhatsApp?

By Paul Liu
Thursday, May 22nd, 2014

---

WhatsApp is a popular instant messaging service that is used by more than 450 million Smartphone users around the world. The service makes it easy to transmit text messages, audio messages, images and videos to one’s Smartphone contact list via the internet without having to pay the cellular providers for each and every message. Due to its innovative business model and massive user base, the service was recently acquired by Facebook for an eye-popping 19 billion dollars. This article will list down some of the security issues associated with the WhatsApp platform and its messaging system.

Although WhatsApp is an immensely popular messaging system, it has had a chequered history as far as security and user privacy is concerned. For instance, since the company uploads the contact list of all its users to its own database (to identify the list of people who are using the app), the privacy of people who are not using the app could be easily compromised.

Before August’ 2012, the company used to transmit messages in an unencrypted (plain text) format allowing anyone using the same Wi-Fi network to sniff out messages from WhatsApp users. Even after WhatsApp started encrypting messages, it was discovered that the company is using the same encryption key to encrypt all messages in a conversation. That means it is theoretically possible to decode a conversation by capturing part of the messages, matching the mathematical parts that encrypt the data and canceling them from the message. And since this vulnerability has not been fixed yet, it could be exploited by the hackers in the future as well.

In July 2013, it was discovered that the app did not secure its communication while connecting to payment processing sites like PayPal and Google Wallet. This makes it possible for a criminal to intercept the payment communication and collect the payment details from the users just by creating a fake website. However, since the app is free for a year, this method of attack requires patience on the part of hackers.

In March’ 2014, an Android specific security issue was discovered that makes it possible for others to read WhatsApp messages of a user through Android apps. This method of attack only works if the user has chosen to backup his/her WhatsApp messages on the SD card. Since there are many apps saving data on the SD card, it is possible to gain access to stored WhatsApp messages without the user’s knowledge. And once some gets access to the stored messages, it might be possible to decrypt them by using tools like WhatsApp Xtract.

Although WhatsApp is extremely popular among Smartphone users, it is not the most secure messaging system around. If you need total messaging secrecy then it is much better to use alternatives like Blackberry Messenger to send and receive messages. It is also a good idea to use a privacy service like a Virtual Private Network to safeguard your unsecured wireless sessions so that your private data (including WhatsApp messages) cannot be sniffed by hackers and criminals at coffee shops, airports or shopping malls.

---

• VPN Articles and News

May 22, 2014

• 0 Comments
• Leave Comment