The android messenger application Whatsapp is an apps which is the top of the download charts at playstore, both on Apple's iPhone as well as Google's Android operatinh system it is one of the most popular application ever. Whatsapp has much to the annoyance of the mobile operator - established as a quasi-standard replacement for the paid, old message. The developers state that every day more than 10 billion messages pass through their servers.
But the service, from small startup WhatsApp Inc. is operated from San Francisco, is not so sure, even the failure resistant, as would be expected from a market leader.
Anyone can recreate the password
The British web developer Sam Granger has in his blog suggests that any reasonably ambitious hacker may have one or more accounts Whatsapp hijack problem. Then he could either intercept messages, or on behalf of hacking victim even send messages.
The problem is Whatsapp is designed so that the hurdle to entry for new users is minimized. You must not create your own combination of username and password, instead of Whatsapp client sets the login information from existing information on the phone.
When username is - simply and clearly - the phone number for the password WhatsApp uses at least on Android phones, the unique IMEI serial number of each mobile device as the basis for the calculation.
Granger found out: In order to generate the password from the IMEI, which returns app only the order of the number, and the number sequence can then encrypt with the long-known to be unsafe MD5 algorithm. In short, anyone who knows the IMEI of a phone can it replicate the password.
Whatsapp users as victims of spam and fraud emails
On previous post i have discussed about whatsapp willl charge the android users. Besides that below i will explain the decreased security system on this messenger apps. Many apps use the IMEI (what is imei on android) also for the unique identification of the phone, every installed program can access the information and store it in an external database. If - as has happened in the iPhone this week - such a generated database of phone serial numbers are public, the Whatsapp accounts of users were compromised, and could for example targeted for mass spamming or fraud messages are abused.
The vulnerability appears in hacker circles to be known - at various gray market sites are already on offer databases of Android phone with matching serial numbers listed mobile numbers under the Whatsapp heading.
Whatsapp messages in the wireless network to listen
Whatsapp in the past has been criticized frequently for vulnerabilities: Last year, a security vulnerability has been known to the hacker could steal any Whatsapp account.
Next to Whatsapp can easily shut out completely by cell phone: T-Mobile users suffer as currently at an exit after the Telekom blocked in an update the appropriate network ports. Telekom specifies the lock was made by mistake, and would fix it as soon as possible.
Comments
Post a Comment