Given this week’s leak of over 1 million unique Apple device IDs, mobile security has been on a lot of minds. One web developer is now calling attention to a possible security risk in the popular WhatsApp messaging service on Android that could result in messages being intercepted or spoofed.
WhatsApp has become immensely popular: it recently hit a new record of 10 billion messages sent and received in a single day. That popularity could make it a prime target for hackers and scammers.
Sam Granger (via Hacker News) notes that WhatsApp for Android is insecure because it uses a phone number as the username and a modified version of the IMEI number (reversed and then hashed with MD5, in case you were wondering) as the password. IMEI, or International Mobile Equipment Identity, is a number used for identifying certain types of phones.
The iPhone version of the app does not appear to have the flaw. Granger said he didn’t know whether the Windows Mobile and BlackBerry versions use the same password generation method.