The Daily Caller

The Daily Caller
A Whatsapp App page is seen on Facebook on a Samsung Galaxy S4 phone in the central Bosnian town of Zenica, February 20, 2014. Facebook Inc will buy fast-growing mobile-messaging startup WhatsApp for $19 billion in cash and stock in a landmark deal that places the world A Whatsapp App page is seen on Facebook on a Samsung Galaxy S4 phone in the central Bosnian town of Zenica, February 20, 2014. Facebook Inc will buy fast-growing mobile-messaging startup WhatsApp for $19 billion in cash and stock in a landmark deal that places the world's largest social network closer to the heart of mobile communications and may bring younger users into the fold. REUTERS/Dado Ruvic (BOSNIA AND HERZEGOVINA - Tags: BUSINESS) - RTX196E9  

WhatsApp security hole lets hackers steal conversations

A security vulnerability discovered and published by a chief technology officer and consultant Tuesday allows hackers to steal private conversations from Android users of WhatsApp, Facebook’s newest $19 billion messenger acquisition.

Bas Bosschert of website designer DoubleThink found the vulnerability in WhatsApp’s encryption, which allows other apps to access and read all of a user’s chat communications, TechCrunch reports. The security hole was still present after a major Android software update Tuesday.

The Android version of WhatsApp saves conversations on a smartphone’s SD memory card, which can also be accessed by numerous other apps with permission – most apps ask for full phone access upon being downloaded. That permission leaves open the potential for a malicious app to access the conversations, since they share the same storage space, and therefore, access.

According to the report and WhatsApp, that means the vulnerability is more of an unintended symptom of Android’s infrastructure for data storage.

An app built by Bosschert was able to successfully upload the chats stored in a phone while distracting the user with a loading screen, and he was able to decrypt the database with a custom script.

After spending the sizable investment to purchase WhatsApp, Facebook will likely tackle any gaping security issues without much delay – provided they can find a workaround for the inherent Android design issue highlighted by the problem.

Apple’s iPhone by contrast is designed to isolate each app’s data access to itself, and in general gives users far more control over app permissions than Android.

Follow Giuseppe on Twitter