TweakTown
Tech content trusted by users in North America and around the world
6,158 Reviews & Articles | 39,575 News Posts
TRENDING NOW: Star Citizen creator: "I don't care about consoles"

WhatsApp's lack of encryption is the kind that the "NSA would love"

Facebook may have just purchased WhatsApp for $16 billion, but it looks like the encryption used by the company is lacking, big time (NASDAQ:FB)

| Apps News | Posted: Feb 23, 2014 4:27 am

While Facebook might be acquiring WhatsApp for a hefty $16 billion, it looks like the messaging application company might not be too good with encrypting its messages. With over 450 million active users, this becomes quite the user base for government spies, hackers, and more.

 

TweakTown image news/3/5/35651_04_whatsapp_s_lack_of_encryption_is_the_kind_that_the_nsa_would_love.jpg

 

WhatsApp's use of secure sockets layer (SSL) encryption is meant to support version 2 of the protocol, which is capable of being hacked into, and monitored by a third-party. The messages being flown back and forth between WhatsApp users can even be manipulated. WhatsApp has failed to use a technique known as certificate pinning, which is designed to block attacks using forged certificates to bypass Web encryption.

 

Pinning allows an app to work only when communicating with a server using a specific certificate, and because this certificate is hardwired into the app, it will simply reject connections with any other attempts of a false certificate. Security consultancy firm Praetorian, has chimed in, with Paul Jauregui writing: "This is the kind of stuff the NSA would love. It basically allows them-or an attacker-to man-in-the-middle the connection and then downgrade the encryption so they can break it and sniff the traffic. These security issues put WhatsApp user information and communications at risk".

NEWS SOURCES:Arstechnica.com

Related Tags

Further Reading: Read and find more Apps news at our Apps news index page.

Do you get our news RSS feed? Get It!

Got an opinion on this news? Post a comment below!

Latest Tech News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases