WhatsApp Private Messages Reportedly at Risk Due to Security Flaw

WhatsApp Private Messages Reportedly at Risk Due to Security Flaw

An IT consultant claimed he has found a security flaw in the Android version of popular instant messaging software, WhatsApp. By using a malware with unrestricted access to the Android device's SD card, a hacker is able to extract WhatsApp private messages, and upload them without the owner's knowledge.

(Image Source: Bas Bosschert’s Blog via Ars Technica)

In his blog, IT consultant, Bas Bosschert posted sample codes that can be added to a piece of malware. If the Android user happens to install the application, and grants it full access to his device’s SD card; the malware is able to steal private messages stored in WhatsApp system files. This is possible because WhatsApp stores chat history on the SD card, by default. Therefore, the user’s private messages can be potentially uploaded to an external server, without his permission and knowledge.

According to the Google Play’s policy guidelines and practices, applications that specifically collect a user’s information without his permission are banned; however, this hasn’t stopped hackers from uploading malware to Google Play. As a word of caution, users of Android smartphones should be more careful when granting permissions to their installed applications. As observed by Ars Technica, the new owner of WhatsApp, Facebook may just be working on patches to this security flaw, "given Facebook's track record for producing secure code and services."

(Source: Bas Bosschert’s Blog via Ars Technica, Google Play, WhatsApp)

All News Categories

News for Past 12 Months

Subscribe to HWZ Here!

Subscribe now to receive latest tech news, articles and promotions straight to your inbox!
By signing up, you indicate that you have read and agreed to the and .

Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.