Android WhatsApp security flaw allows download of messages

12 Mar 20144 Shares

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

A flaw has been discovered in WhatsApp’s Android version that supposedly lets a third-party access and download a user’s messages onto a server without his or her knowledge.

Bas Bosschert, a Dutch security consultant, made the discovery. Bosschert saw that with a little coding trickery, it was relatively straight-forward to download a person’s messages in one bulk download.

On his blog post, Bosschert explains how people’s lack of security settings on their phone means that they are leaving their phone open to this problem: “The WhatsApp database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card, and as the majority of people allow everything on their Android device, this is not much of a problem.”

Currently, an Android user can either allow its apps have access to the SD card in the phone, or else not at all with no individual apps allowed to have specialised access or restrictions.

An app developer can now download this data with access to the SD card and place it on their own server.

This is not the first instance of WhatsApp having a flaw in its security program as last October it was shown that through simply monitoring a message transferring the data between its servers, a person could easily decrypt its contents.

66

DAYS

4

HOURS

26

MINUTES

Buy your tickets now!

Colm Gorey is a journalist with Siliconrepublic.com

editorial@siliconrepublic.com