WhatsApp: Breaches and Oversights Brought to Light, after Facebook Deal
Facebook has brought WhatsApp under its wings, paying quite a monetary counterweight in return. However, ever since the deal has been reached the app has gained more reputation than ever before. This has in turn triggered more thorough research, as to the overall quality of services that it provides. In fact, a lot of disturbing revelations have been made so far by respected specialists in the field of encryption. Even though they are common practice for security firms and app services, these breaches and flaws should not be dealt with lightly in the case of WhatsApp. Just think of the impact of theirs when interacting with Facebook and the abundance of data that it can compromise eventually.
Some of the flaws that have been highlighted from Praetorian’s researcher, Paul Jauregui, have to do with the lack of SSL certificate encryption and the support of null ciphers. The former could lead to man in the middle attacks, whereas the latter turns to no encryption at all, if such is not supported by the server. Additionally, there are options when SSLv2 is used and it has been proven less effective.
Runa Sandvik on the other hand, who has been working for Tor for a long time, stressed out that there is regular monitoring of crucial data performed by WhatsApp. Although there are no ads, the outcome remains threatening due to the fact that mobile phone numbers are compromised. Along with the phone numbers, data intercepted includes IP addresses and the browsing history of the users. Runa Sandvik tweeted that, however frequent such flaws might be among security firms and apps, they are really frightening when combined with the gigantic data featured in Facebook. We think so too, of course!