According to security consultant Bas Bosschert (after posts first surfaced on the Hacker
News message forum), it's possible for others to see and steal your private WhatsApp chats through downloaded Android apps. This is due to an alleged issue within WhatsApp's back-up functionality.
WhatsApp said users will only be at a security risk if they download a malicious app or come across a virus.
"Under normal circumstances the data on a microSD card is not exposed," WhatsApp said in a statement to Mashable. "However, if a device owner downloads malware or a virus, their phone will be at risk. As always, we recommend WhatsApp users apply all software updates to ensure they have the latest security fixes and we strongly encourage users to only download trusted software from reputable companies."
WhatsApp highlights that phones in general are at risk when they come across malicious apps and the issue isn't specific to its own service.
Earlier this week, Bosschert detailed on his website that when you use the app's built-in back-up mechanism — to prevent losing messages after uninstalling/reinstalling the app or moving them to a new device — WhatsApp uses the same encryption code to protect you and everyone else (instead of creating a unique key for each user).
The WhatsApp database is saved on your phone's microSD memory card, which can be read by any Android app if a user gives it access to do so. This is a common practice in the app space (apps that want to store non-secure data would be interested), so if an app asks for SD card access many, in theory, would grant it.
WhatsApp recently released the latest version of the app in Google Play "to further protect our users against malicious apps."
Have something to add to this story? Share it in the comments.
No comments:
Post a Comment