Whatsapp is one of the most popular instant messaging services in the world, and nobody has ever expressed concern over its security measures. Until now. Consultant Bas Bosschert has revealed a flaw with how the app stores message histories; one that allows any other app to send the information anywhere in the world and read by anyone.
This is done due to the fact that Whatsapp stores conversations in the SD card, which can also be accessed by any other app that has permission to read from the storage. Naturally, almost all apps ask for this permission. Bosschert has listed the code necessary to access and upload the information, which is surprisingly short and simple. He even provides extra code to disguise what the app is doing.
However, Whatsapp’s stored conversations are encrypted. Which would require some manner of breaking the code. Which unfortunately is very easy due to the existence of an open source tool known as Whatsapp Xtract. This program was originally intend to help people backup their histories and make it easier to browse through old conversations.
Chances are that Whatsapp is already working on fixing the issue. However, a comment on Ars Technica points out that Whatsapp uses AES security, with a fixed key that is the same for all installations. Changing this may require more than a few changes to the instant messaging app and may take time.
[source: Ars Technica, Bas Bosschert]
