TweakTown
Tech content trusted by users in North America and around the world
5,918 Reviews & Articles | 38,134 News Posts

WhatsApp's lack of encryption is the kind that the "NSA would love"

Facebook may have just purchased WhatsApp for $16 billion, but it looks like the encryption used by the company is lacking, big time (NASDAQ:FB)

| Apps News | Posted: Feb 23, 2014 4:27 am

While Facebook might be acquiring WhatsApp for a hefty $16 billion, it looks like the messaging application company might not be too good with encrypting its messages. With over 450 million active users, this becomes quite the user base for government spies, hackers, and more.

 

TweakTown image news/3/5/35651_04_whatsapp_s_lack_of_encryption_is_the_kind_that_the_nsa_would_love.jpg

 

WhatsApp's use of secure sockets layer (SSL) encryption is meant to support version 2 of the protocol, which is capable of being hacked into, and monitored by a third-party. The messages being flown back and forth between WhatsApp users can even be manipulated. WhatsApp has failed to use a technique known as certificate pinning, which is designed to block attacks using forged certificates to bypass Web encryption.

 

Pinning allows an app to work only when communicating with a server using a specific certificate, and because this certificate is hardwired into the app, it will simply reject connections with any other attempts of a false certificate. Security consultancy firm Praetorian, has chimed in, with Paul Jauregui writing: "This is the kind of stuff the NSA would love. It basically allows them-or an attacker-to man-in-the-middle the connection and then downgrade the encryption so they can break it and sniff the traffic. These security issues put WhatsApp user information and communications at risk".

NEWS SOURCE
Arstechnica.com

Related Tags

Further Reading: Read and find more Apps news at our Apps news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts

TweakTown Web Poll

Question: Facebook's acquisition of Oculus VR will...

Improve Oculus Rift Development

Hamper Oculus Rift Development

Completely destroy Oculus Rift Development

Let's wait and see, I'm not sure

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases