A startling revelation about WhatsApp, a popular messaging service, using a password based on the phone’s IMEI number during handle authentication has created a buzz among users and raised concerns over its security.
An interesting analysis by Sam Granger puts forward the possibility of gaining access to a user’s account WhatsApp for Android. The company is using the phone number as the username and a modified version of the IMEI number (inverted with an MD5 cryptographic hash) as the password.
Though the Wikipedia page for WhatsApp already holds the above information, Sam’s success in sending/receiving messages from his friend’s account is enough reason for users to be worried about their security while communicating through WhatsApp for Android.
Why WhatsApp uses IMEI number as password? Is it right?
Simple lines of code can allow you to intercept and send messages from your victim’s account or in simple words, ‘gain total control over the victim’s account’.
“And I’m not even a “hardcore hacker”, says Sam Granger.
WhatsApp is a hugely popular messaging service available on various platforms. It is widely an alternative to SMS. It recently hit a new record of more than 10 billion messages sent and received in a single day, underlining its tremendous popularity. Such ‘popular’ services are often an easy target for hackers with malicious intent.
However, this isn’t the first time it has come under fire for security concerns. Sending messages in plaintext, a loophole to hijack accounts without user’s knowledge and remotely changing user’s WhatsApp status are situations in which the team has dealt with in the past.
But this recent experiment by Sam Granger means a headache for the WhatsApp team. Even more for the user for no one wants his/her data to be in wrong hands. And with the recent leak of 1 million Apple UDIDs by hackers and other security-breach incidents, ‘ Verify before you install’ seems to be the new ‘Look before you leap’.