- Reddit AITA: Man verbally abused partner through cat impersonations Monday 7:18 PM
- Facebook finally lets you kill distracting navigation bar notifications Monday 6:14 PM
- Artist says Thinx underwear campaign ripped off their memes (updated) Monday 5:48 PM
- Google reportedly gathering millions of Americans’ personal health records Monday 5:00 PM
- Trina goes off on Walmart shopper who allegedly called her the ‘N-word’ Monday 4:14 PM
- Bored of Helvetica? iOS users finally have some new font options Monday 4:00 PM
- Amid panic, YouTube says new terms of service won’t impact creators Monday 3:56 PM
- Opposing sides fight to control online narrative over Bolivian ‘coup’ Monday 3:50 PM
- How to sign up for the Disney+ bundle Monday 3:35 PM
- Instagram covers video costs for celebs who don’t get political Monday 3:30 PM
- T.I.’s daughter apparently unfollowed her dad on Instagram after hymen comment Monday 3:26 PM
- Meet ByteDance, the Chinese tech company behind TikTok Monday 3:09 PM
- Everything you need to know about investing app Robinhood Monday 2:44 PM
- How to stream 49ers vs. Seahawks on Monday Night Football Monday 1:43 PM
- Cops cuff Black man for eating sandwich on subway platform Monday 1:29 PM
If you have Android, Hackers can read your WhatsApp chats
Spying is what’s up on WhatsApp.
WhatsApp users on Android should know that someone could be reading the content of their chats, chuckling along with every corny joke you make, or doing way creepier thing with every flirtatious message sent. Consultant and CTO Bas Bosschert discovered a disturbing hole in WhatsApp security that allows people to upload and read Android WhatsApp chats.
Bosschert outlined the chat-stealing process on his blog: Because Android stores WhatsApp conversations on SD cards, hackers need to remotely access the SD card through another app. Then they need a place to store the WhatsApp database, like a webserver. Then they need to put a malicious Android app on the user’s phone; this malware will download the WhatsApp database onto the server.
WhatsApp tightened its security so would-be hackers can’t de-encrypt using SQLite. But they can de-encrypt the database using a Python script.
I would never be able to hack WhatsApp because I don’t know how to do any of that stuff, but for Bosschert, exploiting this security breach was no problem. He double-checked that this security weakness was still present after WhatsApp updated this week, and was still able to hack onto the conversations of others.
Bosschert only went through the hacking process as a demonstration, but he noted that this security failure had already been exploited. “It has been done in the past by other people,” he said, discussing how Google had to remove a game called Balloon Pop 2 from the Play store after it turned out the app was actually a backdoor way to spy on people’s WhatsApp chats. People are already trying to do this. It’s startling that there hasn’t been a comprehensive fix for this glaring security failure.
To be fair, this kind of security problem is not entirely WhatsApp’s fault, since it’s not a bug on the app, but rather a design issue for Android –though the design of WhatsApp doesn’t compensate for Android’s lagging security. But it is WhatsApp’s fault for allowing it to continue without making fixes, or at least alerting users to the fact that randoms could be reading their sexts.
Bosschert had some suggestions about how WhatsApp could improve security. “They could move the database backups to the protected space on the mobile devices. Or they could create an unique device created encryption key which they store in the protected space,” he told Daily Dot.
And WhatsApp users with iPhones shouldn’t get cocky, because your chats could be exposed if you use the app to talk with people on Android.
Kate Knibbs is a notable tech reporter and pop culture essayist. A former staff writer for the Daily Dot, her work has appeared in Gizmodo, the Ringer, AV Club, Digital Trends, Popular Mechanics, and Time.