Connect with us

Hi, what are you looking for?

The American GeniusThe American Genius

Tech News

Private chat on WhatsApp for Android may not have been so private

(Tech News) WhatsApp on Android is said to have a workaround for hackers and developers that allows private chat logs to be extracted.

whatsapp

whatsapp

Forget TINSTAFL, remember TINSTAP

Messenger app, WhatsApp has recently been acquired by Facebook for $19B, and today they unveil a gorgeous redesign. It’s been a great year for the team.

But now, a dark cloud is hovering over the company, as security consultant, Bas Bosschert uncovered a way for Android developers and hackers alike to easily access WhatsApp chat logs.

bar
The circumstances involve SD storage of the chat program’s backup database, and Bosschert walks through how developers who need access to large storage on any device would be able to see the database once given permission through an app, and hackers can use the same channel to simply access the database via malware.

Bosschert had a conversation with his brother on the topic and discovered the workaround based on the possibility of uploading and reading the chat logs from another Android application. He details the process of using a PHP script, an Android application asking for phone access, a web server and some XML file edits to be able to pull down the data from an Android device.

Then, he says that with a key readily available on the Internet, the downloaded database is pulled over to Excel, where the data is then decrypted with a Python script revealing user chat history from the backup database WhatsApp writes to memory.

Advertisement. Scroll to continue reading.

WhatsApp reacts

WhatsApp has responded by improving their database encryption and offloading it from a hard-cded key for all devices, implementing use of “the account name to create a device (account) unique encryption key,” according to Bosschert.

Bosschert has outlined a way that even with the new encryption, a few extra steps taken leads to the data still vulnerable to extraction.

A spokesman for WhatsApp tells TechCrunch that Bosschert’s claims “have not painted an accurate picture and are overstated.”

Why Android and not iOS?

What cannot be debated is the fact that Android offloads larger files onto expandable memory, and while most conditions would require malware to be loaded specifically seeking to compromise a device to access the logs, but given current privacy and security concerns over data, this information could still be accessed by legitimate developers unbeknownst to users after given access to at least the SD card.

Apple’s iOS does not have this problem, since the operating system sets up each application within their own sandbox, generally not allowing apps to access data outside of it.

Advertisement. Scroll to continue reading.

Written By

Marti Trewe reports on business and technology news, chasing his passion for helping entrepreneurs and small businesses to stay well informed in the fast paced 140-character world. Marti rarely sleeps and thrives on reader news tips, especially about startups and big moves in leadership.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisement

The
American Genius
news neatly in your inbox

Subscribe to our mailing list for news sent straight to your email inbox.

Advertisement

KEEP READING!

Social Media

Meta seeks to calm fears after confirming they've awarded a hacker for discovering a bug that allowed anyone to bypass 2FA on Facebook.

Social Media

The neutral Oversight Board gives Facebook a laundry list of suggested changes to their VIP accounts 'cross check' system.

Social Media

We all know what happens to curious cats, and the same principle applies to this new TikTok trend. One click, and you could be...

Social Media

WhatsApp is a well-known messaging platform with over 2 billion monthly users. They just unveiled communities where you can post and chat.

The American Genius is a strong news voice in the entrepreneur and tech world, offering meaningful, concise insight into emerging technologies, the digital economy, best practices, and a shifting business culture. We refuse to publish fluff, and our readers rely on us for inspiring action. Copyright © 2005-2022, The American Genius, LLC.