A security researcher has revealed that the encryption techniques used in WhatsApp are not up to the mark and do not properly protect the user information being transferred from the app. He has also revealed that users' phone numbers are sent in plain text, so encrypting the rest of the data makes little difference.
WhatsApp is one of the most popular replacements for SMS messaging across different platforms, and the app's developers incorporated encryption methods in a recent update. However, the researcher has shown that the encrypted and hashed data can be reversed very easily, and any hacker could use this to exploit the messages being transferred through the app.
In WhatsApp for Android, the MD5 hash that the app uses was easy to reverse, and when reversed, the information obtained was the IMEI number of the device sending the message. In the iOS app, the password being used is the WLAN MAC address, which can also be easily reversed to reveal the password.
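The weakness described above comes from deriving a password from a device identifier. The following added example (not code from the researcher or from WhatsApp) compares that pattern with a randomly generated credential; the exact derivation `MD5(identifier)`, the 112-bit policy threshold, and the sample IMEI are assumptions made for illustration.

```python
import hashlib
import math
import secrets

def luhn_check_digit(body14: str) -> int:
    """Luhn check digit for the first 14 IMEI digits (it is computed, not secret)."""
    total = 0
    for i, ch in enumerate(reversed(body14)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return (10 - total % 10) % 10

# Unknown part of each identifier once the public prefix is known:
# IMEI = 8-digit model code (TAC) + 6-digit serial + 1 check digit
# MAC  = 3-byte vendor prefix (OUI) + 3 device-specific bytes
UNKNOWN_VALUES = {"imei": 10 ** 6, "wlan_mac": 2 ** 24, "random_128": 2 ** 128}

def secret_bits(source: str) -> float:
    """Upper bound on the secrecy (in bits) a credential from this source can have."""
    return math.log2(UNKNOWN_VALUES[source])

def derived_credential(identifier: str) -> str:
    """Weak pattern (assumed form): the credential is just MD5(identifier)."""
    return hashlib.md5(identifier.encode()).hexdigest()

def random_credential() -> str:
    """Hardened pattern: 128 random bits from the OS CSPRNG, unrelated to the device."""
    return secrets.token_hex(16)

def acceptable(source: str, minimum_bits: int = 112) -> bool:
    """Policy check (assumed threshold): reject sources below a minimum secrecy level."""
    return secret_bits(source) >= minimum_bits

if __name__ == "__main__":
    body = "49015420323751"  # constructed sample IMEI body, not a real device
    imei = body + str(luhn_check_digit(body))
    print("derived :", derived_credential(imei), "(same on every run)")
    print("random  :", random_credential(), "(differs on every run)")
    for source in UNKNOWN_VALUES:
        print(f"{source:<10} {secret_bits(source):6.1f} bits  ok={acceptable(source)}")
```

Hashing does not add secrecy: the derived value is only as unpredictable as the identifier that went into it, which is why a server-issued or locally generated random secret is the appropriate replacement.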
Moreover, the researcher has also given some steps to try this out yourself, and that is not all. He has also revealed the request that WhatsApp sends to its servers to find out which contacts in your list have WhatsApp enabled.
Having said this, it looks like the encryption in WhatsApp is not great and is very much broken at the moment. The researcher has also recommended not using WhatsApp. By this time, the WhatsApp developers should have heard about this, and if it is news to them, they must be hiring some good hackers to fix the things that are broken.
Image Source: SimonQ via Flickr