If you own an iPhone or an Android device, then the chances are high that you’re familiar with the extremely popular cross-platform messaging app, WhatsApp. The app has become insanely popular over the last couple of years due to the fact that it is a cross-platform messaging service that not only allows users to send text-based messages, but can also include photographs, videos and audio attachments that are then sent across the network to any device that has the app installed. Being able to offer a true cross-platform service that allows all different types of media to be sent and received without charge is definitely key to the success of the app.
Although extremely popular, it seems that some are now claiming that the Android version of WhatsApp could be vulnerable to intrusion, presenting a possible security risk to those who use the service on the Android mobile operating system. If there is one thing that we don’t need right at this minute is more security panics surrounding mobile devices. It does appear to be a case of the karma gods dishing out what’s coming, considering a large number of Android users would have found the leak of one million Apple device UDIDs particularly humorous this week.
The worry has always been that less than ethical individuals would be inclined to target the users of WhatsApp due to the fact that there are so many of them. The reasoning behind the security claim is that WhatsApp actually uses the subscriber’s phone number as a username, something that not everyone is happy about to begin with. To take things a little further, the app also uses a version of the device’s IMEI number as the main password, and although the IMEI is converted with an MD5 hash, it still causes concerns.
These two nuggets of information aren’t really anything new, but Sam Granger is pointing out that there are a number of relatively simple methods for individuals to actually acquire both of these important snippets of information, should they so desire. As part of his concerns, Granger has announced that he has already managed to take over the WhatsApp accounts of his friends, with their permission of course, and send and receive messages from them. If he can manage this, then he believes that more capable individuals are already surely doing this behind the scenes.