If you're
using an Android mobile phone, chances are that you're in regular touch with
your dear ones through WhatsApp? So what's the big deal, you might ask? Well, it’s
now a matter of concern and users must be very careful about the information they
share on this instant messaging app - WhatsApp. No form of digital
communication is entirely secure nowadays, including mobile chat applications. By
using miscreant apps and a few scripts, anyone can steal your chats and can
check what you talked about with anyone.
A Dutch
Security Consultant found out that all the WhatsApp chat logs are saved in the phone's
SD card which is easily accessible and readable by other apps because of the
way Android allows sharing of data between apps.
Any database which is saved on an Android SD card can be read by any other
Android application if the user allows it to access the SD card and this
is not at all a big task because majority of users allow access to everything
on their mobile devices by default. This information was shared by Bas Bosschert in one of his blogs. Further
Bas Bosschert explained the answer to "What do we need to steal someone's
WhatsApp database? For this, he highlighted that we just need a place to store
the database, and an Android application which uploads the WhatsApp database onto
a website."
To
elucidate, he created an Android Application by setting up a web server which
required special permission from a user’s phone. But because Android OS allows
applications to access various parts of the phone, as a result, users can
conveniently share almost everything through any app on Android phone. Due to
this glitch, his application didn’t find any difficulty in gaining access to
WhatsApp data of other users.
Malicious
users or hackers can easily use this method to gain access and breach the
privacy of a WhatsApp user. Older versions of WhatsApp were so insecure that
they didn't even encrypt their data stored on SD card and it could be read by
anyone once it was uploaded on the web server. Even the new version of Whatsapp
which uses encryption is not as safe since data can still be accessed with
ease.
The entire
WhatsAppp database is a SQLite3 database which can be easily converted to Excel
and can be accessed by anyone. Using a few smart tactics, even the encrypted
databases are vulnerable to intruders. Although
iPhone or Windows phone devices give limited access to storage and hardware,
their data is still exposed to rogue apps.
For more visit at http://www.koenig-solutions.com/
No comments:
Post a Comment