Home / News / WhatsApp ranked worst in security,Now its Hacked

WhatsApp ranked worst in security,Now its Hacked

What’s App you may have heard this name so many times.Infact according to a study found that whats app is used more by the INDIANS..

Q.What is WhatsApp?

WhatsApp is an instant messaging app for smartphones that operates under a subscription business model. The proprietary, cross-platform app uses the Internet to send text messages, images, video, user location and audio media messages.

Q.How does it works?

WhatsApp uses a customized version of the open standard Extensible Messaging and Presence Protocol (XMPP).Upon installation, it creates a user account using one’s phone number as the username (Jabber ID: [phone number]@s.whatsapp.net.

WhatsApp software automatically compares all the phone numbers from the device’s address book with its central database of WhatsApp users to automatically add contacts to the user’s WhatsApp contact list. Previously the Android and S40 versions used an MD5-hashed, reversed-version of the phone’s IMEI as password,while the iOS version used the phone’s Wi-Fi MAC address instead of IMEI.A 2012 update now generates a random password on the server side

WhatsApp is supported on most Android, BlackBerry, iPhone, and Nokia smartphones. All Android phones running the Android 2.1 and above,

Q.why whatsApp is related to facebook

On February 19, 2014, months after a venture capital financing round at a $1.5 billion valuation,Facebook announced it was acquiring WhatsApp for US$19 billion, its largest acquisition to date.Facebook, which was advised by Allen & Co, paid $4 billion in cash, $12 billion in Facebook shares, and an additional $3 billion in restricted stock units granted to WhatsApp’s founders (advised by Morgan Stanley), Koum and Acton. Employee stock was scheduled to vest over four years subsequent to closing. The transaction was the largest purchase of a company backed by venture capitalists to date. Days after the announcement, WhatsApp users experienced a loss of service, leading to anger across social media.

And now here comes the Hottest news your waiting for

Later few months ago “WhatsApp has been ranked worst in security by experts” But no one seems to care.

Security experts have discovered a flaw in Facebook-owned messaging app WhatsApp which allows malicious actors to hack users’ computers by disguising malware as perfectly innocent contact cards and other files.
wapp2The problem lies in the web version of WhatsApp failing to properly verify vCard files, according to research firm Check Point, which discovered the flaw. vCards are digital business cards commonly sent via text message. Check Point discovered it was able to change the file extension of a vCard, which ends in “.vcf”, to “.exe” (executable file) or “.bat” (batch file) without WhatsApp noticing. That means a hacker can disguise malicious code as an innocent looking contact card.                                wapp3

Worse still is that hackers could also change the icon of the malicious file to further trick the victim into downloading it.

wapp8

“Once such a contact is created, all an attacker has to do is share it via the normal WhatsApp client,” Check Point wrote on its blog.

All versions of WhatsApp Web after v0.1.4481 are immune from the attack.

Check Point said users should clear their browser cache to ensure they are safe from the hack.

WhatsApp has already pushed the fix to all users. However, if they had not been responsive, Check Point would have generated IPS [intrusion prevention system] and endpoint protection [technology] to protect customer endpoints,”

Note: This is not the first time whatsApp has undergone security issues..whatsApp is facing this problems since facebook brought it from Brian Acton and Jan Koum, both former employees of Yahoo!.For US$19 billion, its largest acquisition to date.

Security problems faced by WhatsApp till now

  • In May 2011, a security hole was reported which left WhatsApp user accounts open for session hijacking and packet analysis. WhatsApp communications were not encrypted, and data was sent and received in plaintext, meaning messages could easily be read if packet traces were available
  • In September 2011, WhatsApp released a new version of the Messenger application for iPhones, closing critical security holes that allowed forged messages to be sent and messages from any WhatsApp user to be read
  • On January 6, 2012, an unknown hacker published a website that made it possible to change the status of an arbitrary WhatsApp user, as long as the phone number was known. To make it work, it only required a restart of the app. According to the hacker, it is only one of the many security problems in WhatsApp.
  • On January 9, WhatsApp reported that it had resolved the problem, although the only measure actually taken was to block the website’s IP address
  • On January 13, 2012, WhatsApp was removed from the iOS App Store, and the reason was not disclosed; however, the app was added back to the App Store four days later. WhatsApp was removed from Windows Phone store because of some technical problems, The app was added back to the Store on May 30, 2014
  • In May 2012, security researchers noticed that new updates of WhatsApp no longer sent messages as plaintext, but the cryptographic method implemented was subsequently described as “broken”.
  • On January 21, 2015, WhatsApp launched a web client which can be used from the browser. It had two security issues that compromised user privacy: the WhatsApp Photo Privacy Bug and the WhatsApp Web Photo Sync Bug
  • As of June 12, 2015, WhatsApp scored 2 out of 7 points on the Electronic Frontier Foundation’s secure messaging scorecard. It lost points because communications are not encrypted with a key the provider doesn’t have access to, users can’t verify contacts’ identities, past messages are not secure if the encryption keys are stolen, the code is not open to independent review, and the security design is not properly documented.

WhatsApp has been ranked worst but still many users continue to use whatsApp

Subscribe to our Newsletter for more latest technology news

About Jay Kumar Ryan

Check Also

Windows 10 S Launched by Microsoft Takes on Chrome OS

Microsoft Launches Windows 10 S Microsoft is launching a new Surface-branded device today: the Surface …

One comment

  1. Its like you read my mind! You seem to know so much about this, like you wrote the e book in it or something. I feel that you could do with a few percent to drive the message home a little bit, but other than that, that is excellent blog. An excellent read. I’ll certainly be back.

Leave a Reply

%d bloggers like this: