WhatsApp para Android podría ser vulnerable al hackeo debido a fallo de Contraseña basada en IMEI TheNextWeb : WhatsApp for Android could be vulnerable to hijacking due to IMEI-based password Given this week’s leak of over 1 million unique Apple device IDs, mobile security has been on a lot of minds. One web developer is now calling attention to a possible security risk in the popular WhatsApp messaging service on Android that could result in messages being intercepted or spoofed. WhatsApp has become immensely popular – it recently hit a new record of 10 billion messages sent and received in a single day, but that popularity could make it a prime target for hackers and scammers. Sam Granger (via Hacker News) notes that WhatsApp for Android is insecure because it uses a phone number for a username and a modified version of the IMEI number (inverted with an MD5 cryptographic hash, in case you were wondering) as a password. IMEI, or International Mobile Equipment Identity, is a number used for identifying certain types of phones. The iPhone version of the app does not appear to have the flaw. Granger said he didn’t know whether the Windows Mobile and BlackBerry versions use the same password generation method. Granger’s post isn’t particularly new information, as the WhatsApp Wikipedia entryalready says that the service uses the phone number and IMEI…continue reading » [Via] TheNextWeb (Josh Ong) | 
Zoom

WhatsApp para Android podría ser vulnerable al hackeo debido a fallo de Contraseña basada en IMEI

TheNextWeb :

WhatsApp for Android could be vulnerable to hijacking due to IMEI-based password

Given this week’s leak of over 1 million unique Apple device IDs, mobile security has been on a lot of minds. One web developer is now calling attention to a possible security risk in the popular WhatsApp messaging service on Android that could result in messages being intercepted or spoofed.

WhatsApp has become immensely popular – it recently hit a new record of 10 billion messages sent and received in a single day, but that popularity could make it a prime target for hackers and scammers.

Sam Granger (via Hacker News) notes that WhatsApp for Android is insecure because it uses a phone number for a username and a modified version of the IMEI number (inverted with an MD5 cryptographic hash, in case you were wondering) as a password. IMEI, or International Mobile Equipment Identity, is a number used for identifying certain types of phones.

The iPhone version of the app does not appear to have the flaw. Granger said he didn’t know whether the Windows Mobile and BlackBerry versions use the same password generation method.

Granger’s post isn’t particularly new information, as the WhatsApp Wikipedia entryalready says that the service uses the phone number and IMEI…continue reading »

[Via] TheNextWeb () | 

blog comments powered by Disqus
To Tumblr, Love Pixel Union