Tuesday, May 1, 2012

WhatsApp Security concerns

In May 2011 there was a security hole reported in WhatsApp which left user accounts open for hijacking.[8] According to some sources, it is believed that this hack was performed, and later fixed by helping WhatsApp reproduce it on Android and Symbian, by Liroy van Hoewijk, CEO of CoreISP.net.[9][10]
Communications made by current WhatsApp versions are not encrypted, and data is sent and received in plaintext, meaning messages can easily be read if packet traces are available.[11]
In September 2011 a new version of the WhatsApp Messenger application for iPhones was released. In this new version, the developer has closed a number of critical security holes that allowed forged messages to be sent and messages from any WhatsApp user to be read.[12]
On January 6, 2012 an unknown hacker published a website (WhatsAppStatus.net) which made it possible to change the status of an arbitrary whatsapp user, as long as the phone number was known. To let it work it only required a restart of the app. According to the hacker it is only one of the many security issues in Whatsapp. On the 9th of January Whatsapp reported to have implemented a final solution. In reality the only measure that was taken was blocking the website's IP-address. As a reaction a Windows tool was made available for download providing the same functionality. This issue has not been resolved until now. The first notification of this issue has been reported to Whatsapp in September 2011.[13][14]
On January 13, 2012, Whatsapp was pulled from the iOS App Store. The reason was undisclosed. The app was added back to the App Store 1 week later.[15]