WhatsApp makes slightly authentication
The popular SMS WhatsApp competitor has introduced an encryption. Now reported, the British web developer Sam Granger, as the authentication for the web interface of the service takes place on Android: The program uses the unique device identifier (IMEI) to it to create a simple regenerative key.
According to Granger WhatsApp use simply the inverted IMEI and create it without further "Salt" an MD5 hash. Since acting as the user's phone number, could allow the attacker to find the necessary data easily with standard Android interface. A program to determine the IMEI and the phone number was written quickly and set under a false pretext to Google Play.
Then it would be possible to use the WhatsApp service with these credentials, Granger writes. Although there is no official API for it, but on the net there is software that promises access to WhatsApp web services. Thus, it may be possible to send messages that appear to come from the users of the hacked accounts.
So far there is no information on how WhatsApp handles the authentication on other platforms. Apple's iOS has approximately unlike Android no official interface with which we can calculate the IMEI. The phone number, so the user name sent, the program the way despite the recent introduction of encryption remains in plain text.
WhatsApp uses a version of the XMP protocol for exchanging messages, the number of Instant Messenger. The app runs on all relevant mobile platforms.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment