Security bloggers are piling on with the criticism of WhatsApp, saying there are serious problems with how data is protected from prying eyes in the popular mobile IM software.

Several bloggers allege that the WhatsApp mobile chat program has weak security that puts users, which include human-rights activists, at risk.

In a series of posts on blogs and public Web pages, security and mobile researchers have been piling on the criticism of WhatsApp. Unfortunately, representatives of WhatsApp have not commented on the recent allegations, though criticism cropped up in May and even last year. WhatsApp did not respond to an e-mail from CNET seeking comment today. The company is unlisted in the San Francisco phone directory. We will update this post if we hear back.

The main complaints with WhatsApp are with the authentication and how it seems to be based on identification numbers associated with the devices. For example, the password for Android devices is based on an MD5 hash of the reversed IMEI (International Mobile Equipment Identity) used to identify the device, according to a blog post from Android developer Sam Granger last week. He lists different ways an attacker might get the IMEI.

Read full story

Advertisements