Does WhatsApp Keep Your Data Secure?


If you’re Jan Koum, co-founder and CEO of WhatsApp, then your life, at least on the professional side, is going pretty well. Facebook recently worked out a deal to purchase Koum’s company for $19 billion, and Koum, if the deal passes regulatory scrutiny, will join Facebook’s board. WhatsApp has over 450 million average monthly users, and 70 percent of those users are active every day. The daily messaging volume produced by WhatsApp users approaches the daily SMS volume created by the entire global telecom industry.




Jan Koum does have two pressing concerns. First, regulators may shoot down the acquisition, but even if that happens, Koum still gets $1 billion in cash and $1 billion in Facebook shares for his trouble. Second, WhatsApp has been dogged both by privacy and data protection concerns. Consumers and businesses are understandably worried about data loss prevention and enterprise security, particularly as they watch more companies fall victim to massive and expensive data breaches. WhatsApp has some security work to do before it can earn full consumer confidence.


What’s Wrong With WhatsApp’s Security Infrastructure?

Around the time of the acquisition announcement, which took place in late February 2014, security experts discovered several SSL-related problems with WhatsApp. One company, Praetorian Labs, reported on multiple issues including SSL export cyphers support, which made the app susceptible to brute force attacks; null cypher support, which could result in unencrypted data being transmitted in plain text; and SSLv2 protocol support, which uses MAC encryption and is vulnerable to sniffing and man-in-the-middle attacks. According to Praetorian’s blog, the company’s Project Neptune tool could find no remaining traces of those vulnerabilities. However, WhatsApp still fails to enforce a process called SSL pinning.


SSL Pinning Explained

SSL pinning, according to OWASP, is the process of connecting a host to its expected public key. In some cases, when a certificate has multiple acceptable keys, the host is associated with a pinset instead of with a single key. SSL pinning happens either during the application development process or when one application first encounters another. Pinning during application development is more secure because breaches can occur if an attacker has certain access privileges during that first encounter.




WhatsApp claims to fully encrypt communication between a user’s mobile device and its backend servers. However, since WhatsApp doesn’t use SSL pinning, users can fall victim to spoofed security certificates. A man-in-the-middle attack could easily steal user credentials, session identifiers or other important information. WhatsApp has said publicly it’s actively working to add SSL pinning to its security protocol, but until it does, user data remains vulnerable.


What Are Man-in-the-Middle Attacks?

Man-in-the-middle attacks intercept data as it travels between two endpoints. For example, an attacker who possesses a security certificate from a trusted authority could read all communication between WhatsApp users and could steal unencrypted passwords. As OWASP explains, man-in-the-middle attacks use spoofed SSL certificates to create a proxy that can view, modify and insert data into an intercepted conversation. In addition to stealing data, a man-in-the-middle attack could install malware onto a user’s device.

Using public Wi-Fi makes people vulnerable to man-in-the-middle attacks. An attacker can easily reroute online traffic to another Wi-Fi router that looks legitimate, or the attacker could exploit weaknesses in an existing router to eavesdrop on conversations. The whole point of WhatsApp is to circumvent carrier SMS costs and when possible, carrier data costs, so many users rely on Wi-Fi hotspots when using WhatsApp for text messaging.

Man-in-the-middle is also significant if you’re concerned about NSA snooping. Apple recently released an iOS update that fixed a major SSL security flaw that left iOS users vulnerable to spoofed security certificates and man-in-the-middle attacks. Some experts have speculated the NSA gained access to Apple devices through this flaw, though the company has denied the NSA can track Apple device communications.




WhatsApp Alternatives

Thanks to the Facebook acquisition, WhatsApp has become “the chosen one” of all of the messaging applications on the market. However, until the company resolves its security flaws, one of these apps can provide users with a secure messaging alternative:

  • Telegram
  • Surespot
  • TextSecure
  • RedPhone
  • Threema

Most likely, WhatsApp will take care of its problems before the Facebook acquisition is complete. Until then, WhatsApp users are vulnerable both to data interception and to remote malware installation.

but on the rival teamBecoming a life coach is not really replica oakleys as easy and glamorous as this article makes it look. There is much more involved, that is up to the personality of the person. If you think you have what it takes to be one, and make a career out of it, then there’s nothing more to be said.At the end of the grueling workweek, you’re finally rewarded with a big fight . and then the game abruptly ends on a cliffhanger. Swing your sword a lot and you’ll get muscular. cheap jerseys china Be a jerk to everyone and people will avoid you. Have a lot of unprotected sex and you’ll get STDs (yes, really). Overeat and you’ll end up looking like a latter day Marlon Brando.There are efforts in the Netherlands to discontinue the tradition, understandably, but purists argue that Zwarte Piet is something like a chimney sweep. He’s the one who goes up and down the chimney delivering presents on behalf of Sinterklaas, so it’s only natural that he would be covered in soot, right? That’s the only reason why Baratas Ray Ban white people dressed up as Zwarte Piet paint their faces black! And, uh, he has cartoonishly large lips because the soot it . it swells them? And he has an afro wig because . well, shit. OK, fine, he’s racist.Only one current NHL playerdeferspart ofhisdeal, according to its players association. About 10 current Major League Baseballplayers have deferral clauses NBA Jerseys Cheap in their contracts, down from 50adecadeago,according to baseball players union. A few NFL contracts have deferrals, agents said, but the players association could not provide an exact number. Inthe NBA,less than5% of free agent signings in the last four years included deferred compensation.LeGarrette Blount’s touchdown run extended the Pats’ advantage to a commanding 31 3 in the third quarter as rookie Jacoby Brissett held the fort under centre. Touchdowns from Kenny Stills, Jordan Cameron and Kenyan Drake set up a tense finish but Duron Harmon intercepted cheap ray bans Ryan Tannehill’s ‘Hail Mary’ in the closing seconds to ice the win.In the April 14, 2000, Albuquerque Journal, Mel Kiper Jr., a draft analyst for ESPN, rated Bryan as the fifth best senior college prospect in America. He was picked ninth by the Chicago Bears making him the highest selected player from the University of New Mexico breaking Robin Cole’s 1977 twenty first pick by the Pittsburg Steelers. Bryan was listed, in the Cheap NFL Jerseys China draft, as his character being his strongest point. Again, I say New Mexico knows a good thing when they see it.Peyton Manning’s brain is the most valuable organ in sports. The Denver quarterback changes plays at the line of scrimmage and will always find the defense’s weakness. The Seattle defense might not have a weakness. They’re the best in football; the Broncos offense hasn’t faced a unit remotely as good as the Seattle defense. The Seattle defense hasn’t faced a unit remotely as good as the Denver offense. The Denver defense, though beset by injury, played well against the Patriots and also against the Chargers for about three quarters of a game. Seattle’s quarterback, Russell Wilson, threw the ball less than any other QB with at least 12 starts; therefore his wide receivers had paltry numbers. But they almost never drop the ball, and they lead the league in yards per catch. In other words, the Seattle offense is secretly pretty good.

About the author

Geeks4Share Administrator wrote 365 articles on this blog.

Priyangshu Borgohain is the owner of Geeks4Share. He is a 17-year-old blogger and web entrepreneur from India who loves making money on the internet. You can join him on Google+.

One thought on “Does WhatsApp Keep Your Data Secure?

  1. You should write an article about Viber’s privacy, great article btw, keep them coming.

Leave a Reply

Your email address will not be published. Required fields are marked *

What is 13 + 10 ?
Please leave these two fields as-is:
Confirm that you are a Human by answering the question!