Vulnerability in Whatsapp Allow Hacker to Access User Chat Conversation.
https://softtechnew.blogspot.com/2014/03/vulnerability-in-whatsapp-allow-hacker.html
A Security Researchers has found a Bug in WhatsApp encryption which allow Other apps to access and read all of a user’s chat conversations within it.
Further he has posted his own method for hacking WhatsApp chats, and confirms that the Bug still exists after yesterday’s big Android update. Here’s how it works: WhatsApp for Android saves chat conversations on the phone’s SD card, which is easily accessible by many other apps on the phone as long as the user gives those apps the permissions when they ask (many apps ask for full access to the phone).
This is an infrastructure problem for Android more than a security flaw on the part of WhatsApp. From there, a Malware could access the WhatsApp chat database.Users will note that this is hardly a hack but more of a problem with Android’s data sandboxing system.
Security Researchers built an app to test the Bug, and used a cute loading screen to involve the user while the database files were being uploaded.
In latest releases WhatsApp starts encrypting the database to the point where it can not be opened by SQLite, but Security Researcher reports that they can decrypt the database with their own Python script. Facebook will definitely improving WhatsApp security in the next few weeks following the $19 billion acquisition. But this brings up, yet again, questions about Android infrastructure.
On Android, many apps have full access to the smartphone – many of tehm do – can access data from other apps and can upload it to third parties.
By comparison with Apple, Apple doesn’t allow access to data outside of any app, which stops malicious developers from tinkering with your data through a fake app, as described above.
Further he has posted his own method for hacking WhatsApp chats, and confirms that the Bug still exists after yesterday’s big Android update. Here’s how it works: WhatsApp for Android saves chat conversations on the phone’s SD card, which is easily accessible by many other apps on the phone as long as the user gives those apps the permissions when they ask (many apps ask for full access to the phone).
This is an infrastructure problem for Android more than a security flaw on the part of WhatsApp. From there, a Malware could access the WhatsApp chat database.Users will note that this is hardly a hack but more of a problem with Android’s data sandboxing system.
Security Researchers built an app to test the Bug, and used a cute loading screen to involve the user while the database files were being uploaded.
In latest releases WhatsApp starts encrypting the database to the point where it can not be opened by SQLite, but Security Researcher reports that they can decrypt the database with their own Python script. Facebook will definitely improving WhatsApp security in the next few weeks following the $19 billion acquisition. But this brings up, yet again, questions about Android infrastructure.
On Android, many apps have full access to the smartphone – many of tehm do – can access data from other apps and can upload it to third parties.
By comparison with Apple, Apple doesn’t allow access to data outside of any app, which stops malicious developers from tinkering with your data through a fake app, as described above.
Post a Comment