In what is predominantly an Android security issue, a CTO and consultant has discovered a vulnerability in WhatsApp encryption that could allow another app to access and read all of a user’s WhatsApp chat conversations.
Bas Bosschert, the CTO at DoubleThink, has posted his own method for accessing WhatsApp chats, and confirms that the vulnerability still exists after yesterday’s big Android update.
Here’s how it works:
WhatsApp for Android stores conversations on the phone’s SD card, which is accessible by many other apps on the phone as long as the user gives those apps the permissions they ask for (many apps ask for full access to the phone). This is an infrastructure issue for Android more than a gaping security flaw on the part of WhatsApp.
From there, a malicious app could access the WhatsApp conversation database. Savvy users will note that this is hardly a…