WhatsApp messages may not be private after all, claims security researcher

A security consultant has found a vulnerability in WhatsApp’s database, which he claims would allow hackers to access private chats via downloaded Android apps.

Bas Bosschert revealed that as the WhatsApp database is saved on the mobile’s SD card which can be read by any Android app if user enables accessing it.

Further, Bosschert converted WhatsApp’s SQLite3 database to Excel and the decrypted it by a simple python script which converts the crypted database into a plain SQLite3 database.

"So, we can conclude that every application can read the WhatsApp database and it is also possible to read the chats from the encrypted databases," Bosschert said.

"Facebook didn’t need to buy WhatsApp to read your chats."

Bosschert also found that WhatsApp uses the same encryption code to carry out back up mechanism for every user, which would further store back up in database with vulnerable storage and allow chats to be read and pinched by another app.

Last month, Facebook acquired WhatsApp, in what is said to be its largest acquisition to date, while recently the US Electronic Privacy Information Center (EPIC) has sought to stop the acquisition over fears that data would be used into Facebook’s ad business.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing