WhatsApp uses IMEI number as password; can be hacked easily

A startling revelation about WhatsApp, a popular messaging service, using a password based on the phone’s IMEI number during handle authentication has created a buzz among users and raised concerns over its security.

An interesting analysis by Sam Granger puts forward the possibility of gaining access to a user’s account as WhatsApp for Android uses the phone number as the username and a modified version of the IMEI number (inverted with an MD5 cryptographic hash) as the password.  Though the Wikipedia page for WhatsApp already holds the above information, Sam’s success in sending/receiving messages from his friend’s account is enough reason for users to be worried about their security while communicating through WhatsApp for Android.

Simple lines of code can allow you to intercept and send messages from your victims account or in simple words, ‘gain total control over the victims account’.

“And I’m not even a “hardcore hacker”, says Sam Granger.

WhatsApp is a hugely popular messaging service available on various platforms and is widely considered as an alternative to SMS. It recently hit a new record of more than 10 billion messages sent and received in a single day, underlining its tremendous popularity. Such ‘popular’ services are often an easy target for hackers with malicious intent.

However, this isn’t the first time it has come under fire for security concerns. Sending messages in plaintext, loophole to hijack accounts without user’s knowledge and remotely changing user’s WhatsApp status are situations which the team has dealt with in the past.

But this recent experiment by Sam Granger means headache for the WhatsApp team and even more for the user for no one wants his/her data to be compromised by any means. And with the recent leak of 1 million Apple UDIDs by hackers and other security-breach incidents, ‘ Verify before you install’ seems to be the new ‘Look before you leap’.

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *