WhatsApp chat log security vulnerability: what you need to know

Advertisement

Thanks to last month’s big Facebook acquisition, WhatsApp has been attracting a lot of attention lately. While that should only help grow its already impressively large 450-million-person-strong user base, that extra attention also means that more people are placing the app under a critical light. Today we learn of a potential security vulnerability in how WhatsApp saves logs of your conversations; what exactly is the problem here, and is it one you need to be concerned about?

WhatsApp uses your phone’s SD card for storage (whether physical or a virtual part of the internal file system), and that’s where it keeps a database containing the content of past chats. Problem is, with the lax security Android affords SD card data, that database is quite easy for another app on your phone to read (and then, if it were malicious, to send your chat data to some remote server).

There are already steps in place to limit the impact, like encrypting the chat database, but the problem here is that WhatsApp appears to be using a fixed key, which is the same across all devices – know that, and the encryption’s a non-issue.

So currently, other apps on your phone (with a little bit of doing) can read your WhatsApp chat history – that’s it. As such, we’re inclined to treat this as a relatively minor vulnerability; if malware’s getting on your phone in the first place, as it would have to in order to take advantage of this hole, you’ve got larger problems to deal with.

Maybe WhatsApp could make things a little more difficult for potential attackers by using a device-specific key for encrypting the chat database, but even lacking that, we’re not too worried here.

Source: Bas Bosschert
Via: RedmondPie

Advertisement

What's your reaction?
Love It
0%
Like It
0%
Want It
0%
Had It
0%
Hated It
0%
About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bitsRead more about Stephen Schenck!