Android WhatsApp Liable to TheftAdded: Sunday, March 23rd, 2014
Category: Bit Torrent Freedom > The Industries Of Records, Gaming, Software, Movies
Tags:ET, p2p, Torrent, Piracy, Peer To Peer, Network, Hackers, Internet, BitTorrent, Google, utorrent, bitcomet, extratorrent, 2013, www.extratorrent.cc
Security researchers have just discovered security flaw in Android version of WhatsApp, which stores user database on SD card with poorly secured encryption keys and thus can allow another app to upload your entire database of chats to a 3rd-party server, without your consent.
The flaw in question stems from the Android OS’s handling of external storage coupled with lax security standards of the app. Security experts point out that the flaw allows any Android app with access to the phone’s SD card to read and upload WhatsApp’s database. Taking into account that the majority of users allow everything on their Android device, it isn’t much of a problem.
Android’s fault isthat the OS only allows all-or-nothing access to the SD card. This means that any app able to read and write to the external storage can also access data other apps store there. Aside from the fact that WhatsApp uses that external storage to hold its database, on its earlier versions it does so without any encryption at all. As for its later versions, which encrypt the database, they do so with a key which can be easily extracted from the app. As a result, any app can read the WhatsApp database and the chats from the encrypted databases.
So, what’s the way out? To avoid the risk of having your chats stolen, be wary of granting suspicious apps access to your SD card. It is still unclear whether WhatsApp or Android itself is more to blame for the vulnerability. Android’s policy of allowing total access to the external storage differs from Apple’s far more controlled security on iOS devices. Apple “sandboxes” each app in a way that prevents others from accessing its data.
In the meantime, Android openness allows developers to create apps which can’t be run on an iOS device, but opens up the risk of flaws like this one. This isn’t the only security hole at WhatsApp, by the way. A few months ago, security researchers proved it was possible to decrypt messages sent thanks to data gained through eavesdropping on the WhatsApp connection.
Moreover, one of the flaws which enabled this latest attack has been known about for at least a year, because tool used to decrypted the database was released back in 2012. Probably, this is why Germany’s privacy regulators recommended all WhatsApp users to switch to a more secure service this past February.
March 23rd,2014Posted by:
Sunday, March 23rd, 2014
|Yes best way is clear your chat after you leave the conversation or install good A/V...|
|here is a even better idea... CALL THEM INSTEAD!|
|the phone ?? BAH thats just as bad,.......u got to use carrier pigioens to move our letters|
|simply root the android|
install droid wall/fire wall
now select only those apps you want to access to internet.....
|....Aside from the fact that WhatsApp uses that external storage to hold its database.... Total BS. It doesn't use external storage.|
....Apple’s far more controlled security on iOS devices.... Ha Ha Ha Ha
Completely agree with monu987 + there are apps which can restricts other apps to browse any files which you don't want them to.
|Now facebook have whatsapp, why stay at all move to telegram and a +1 for droidwall|
|posted by (2014-03-25 11:38:54)|
|we should start using telegram ...|
|I am sure this was not by accident|
|posted by (2014-03-25 14:05:44)|
|this is an attack on android by other os maybe windows or anapple iOS, n it is not clear which Security researchers have just discovered security flaw, is it burmese security researchers?? or ?? Lol!|
|ios is more controlled and that's why people don't buy i-phones because ppl don't have control on the device they have invested upon..|
whatever anyone says.. i-phone sucks, android rocks.
|posted by (2014-03-27 01:03:52)|
|hmmm Iphone have always been low on my esteem list due to proprietary software and its requiring jailbreaking to allow end users to use it as they wish which in itself invalidates any warranty they nay have on them.|
As far as security goes at this time it seems that the only real security is from Blackphones which at around 380 GBP are the cheaper choice given IPhones are around 500 to 600 GBP in the UK,built on Android the Blackphone ships with 2 years free silent circle subscription and a package of goodies that make the phone hack proof with secure encrypted comms,online storage etc,etc,I see this as one way to go since whatsapp exploits and vulnerabilities in Samsung phones etc do nothing for peace of mind let alone ones privacy and security.
|@11 hello & welcome ET chat page link is situated to the left margin on site page.||
Most Popular Stories