Thursday, September 8, 2011

Update fixes critical vulnerabilities in smartphone messenger

As of today, an updated version of the iPhone app "WhatsApp Messenger" is available for download in Apple's App Store. With it, the manufacturer fixes numerous critical security vulnerabilities that allowed, in addition to sending fake messages, reading the messages of any user.

WhatsApp Messenger is a cross-platform service (available for iPhone, BlackBerry, Android and Nokia Symbian60) for exchanging messages. Because the data is transmitted over the Internet, using WhatsApp incurs no additional costs, depending on the data plan of the mobile contract. Many users therefore use the service as an alternative to SMS. In 16 out of 22 countries, WhatsApp Messenger is among the top 10 best-selling apps.

To make the service as simple as possible to use, message delivery is based on the participants' mobile numbers. To this end, after installation the app compares the phone numbers in the user's own address book against a global address book on the WhatsApp servers. The user's contacts who already use WhatsApp Messenger are then displayed as favorites and can be contacted directly via the service.

This approach alone is questionable from a privacy perspective. Added to this are the newly discovered vulnerabilities: by carefully manipulating the communication between the app and the web service back end during the registration process, it is possible to take over any mobile number and the associated user account, reports Andreas Kurtz, who discovered the vulnerabilities. This makes it possible to read any WhatsApp user's messages or to send messages under a false identity. Kurtz describes the details in a blog entry.

According to the manufacturer, the other platforms supported by WhatsApp are not vulnerable, because a new registration mechanism is used there. Since the Messenger was initially developed for the iPhone platform, outdated code was still in use there. Through the vulnerability in the iPhone version, however, users of other platforms were vulnerable as well.
