Facebook recently made headlines when it announced the purchase of WhatsApp for a whopping $19 billion. The big acquisition also prompted security experts to review security flaws within the WhatsApp infrastructure. Security experts have widely reported in the past that WhatsApp contained some serious flaws in its encryption and that messages sent by some 450 million users could be sniffed using vulnerabilities in its SSL platform.
According to WhatsApp, communications between the device and their servers are fully encrypted. They also state that messages are deleted from their servers as soon as they are delivered. The problem lies in known vulnerabilities in their SSL system that allow man-in-the-middle interception of data. Ultimately, a window of time in which data is not yet encrypted is exploited to bypass security and sniff the data packets. This type of data interception is commonly used by NSA-type spying entities and is believed to be widely used for corporate spying.
Worldwide criticism has been floating around WhatsApp for a long time now. One of the first vulnerabilities was found back in May of 2011, when a flaw made it possible to spoof the device’s phone number during registration. These flaws were not addressed properly and were never fully resolved. Sniffing data from users on Wi-Fi was reported to be very easy. Design flaws kept being reported and little effort came from WhatsApp to resolve them; very often, patches were quickly discovered to be only partially effective.
The data commissioner of the German state of Schleswig-Holstein recently presented his concerns that the privacy and security of user data do not comply with European data protection rules. Officials suggested that the public should give up WhatsApp for better-secured and trusted applications.
The average consumer is not informed. With Facebook acquiring WhatsApp, the number of users downloading the app has already started increasing considerably. The big concern is the popularity of the app. When all of someone's friends use it, picking an alternative is nearly impossible. Just like hardcore BBM users, WhatsApp users will remain loyal, possibly unconcerned about their data or unaware of the dangers. It’s also important to note that almost all messaging apps have security flaws. At this time, almost all developed software is not up to par, and security is wide open on many platforms.
By now WhatsApp should have addressed the flaws in their system. After all, only they can address this properly. Given enough effort, these issues can be patched properly and user data can be secured. Now with Facebook at the helm, it remains to be seen how the combination of these two data monsters will turn out. The value of the data is hard to gauge, and although Facebook is pushing to express their focus on security, only time will tell.