The WhatsApp vulnerability that lets chat contents be read turns out not to be fixed by the update


By R Sameer

WhatsApp, the chat application that Facebook acquired for the huge sum of $16 billion (about 1.64 trillion yen), has for some time been reported to have a vulnerability that lets a third party read the chats of Android smartphone users. The latest update appeared to address this danger, but it turned out that the countermeasure is easy to circumvent by other means.

Steal WhatsApp database (PoC) | Bas Bosschert
http://bas.bosschert.nl/steal-whatsapp-database/

WhatsApp 2.11.186 Update Offers New Privacy Settings, 'Pay For A Friend,' And More
http://www.androidpolice.com/2014/03/10/whatsapp-2-11-186-update-offers-new-privacy-settings-pay-for-a-friend-and-more/

When WhatsApp is used on an Android smartphone and the chat contents are saved to the SD card, the WhatsApp chat database can be accessed by any application on that smartphone that has access rights to the SD card. For this reason, WhatsApp addressed the vulnerability by encrypting the database in the latest version, 2.11.186, released the other day.


However, security consultant Bas Bosschert has revealed on his own blog that this WhatsApp update still does not close the security hole. WhatsApp encrypted the database, but Bosschert says it can easily be decrypted with an open source tool called Xtract, which is used to streamline the backup of chat data on smartphones. Bosschert illustrates how easy the decryption is by giving the decryption script as an example on his blog.


At its root, this vulnerability comes from the fact that many Android apps request extremely broad access rights to the SD card and the network, so it cannot be called a problem with WhatsApp alone. On iOS, for example, an application is only allowed to access its own data and cannot access data belonging to other applications. For this reason, no similar vulnerability has been found in the iOS version of WhatsApp. However, iPhone / iPad users cannot rest easy either: if the chat partner is an Android smartphone user, the contents of the chat are equally at risk of being read, so the vulnerability pointed out in the Android version of the application is not someone else's problem for iPhone / iPad users.

in Note, Mobile, Software, Web Service, Posted by darkhorse_log