Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hacking WhatsApp

Enrique López Mañas
December 22, 2012
Programming
4
1.3k

Hacking WhatsApp

GDG Presentation

Enrique López Mañas

December 22, 2012
Tweet

More Decks by Enrique López Mañas

See All by Enrique López Mañas
Android Benchmarking and other stories
kikoso
0
63
KMP for Mobile Developers
kikoso
0
24
Diving into Coroutines
kikoso
1
43
K/N for mobile developers (including libraries' snippets)
kikoso
0
34
Kotlin/Native for Multiplatform development
kikoso
0
48
TensorFlow for Mobile Developers
kikoso
0
21
Kotlin/Native for Multiplatform development
kikoso
1
140
TensorFlow for Mobile Developers
kikoso
0
83
Digging into authentications and permissions in Firebase
kikoso
2
460

Other Decks in Programming

See All in Programming
Recon Slides by Anon_Y0gi
y0gi
0
210
Famm Android改善記
akatsuki174
0
110
CSC309 Lecture 20
javiergs
PRO
0
120
Spring Modulithで始めるモジュラモノリス開発
yutootsuka
2
240
Rustの手続きマクロで黒魔術入門
lemolatoon
2
520
Swift Extension for Visual Studio Code
usamik26
1
150
どこでも動くWebフレームワークをつくる
yusukebe
13
5.8k
ゲームQAはノーコードの自動化で救えるのか? / Why QA learns programming?
tomotaka_yamasaki
1
150
Cloudflare の画像最適化機能を紹介してみる
maroon1st
0
540
一緒にスクラム開発___GPT-4と人間が共創するプロダクトの進化.pdf
itohiro73
4
2.2k
AT Protocol (BlueSky Social)仕様解説 ~ W3C DID仕様を添えて ~
gpsnmeajp
0
110
Kubernetes基盤を自律的に支えるController化の実装Tips / forkwell-202303-amsy810-k8s
masayaaoyama
5
2.8k

Featured

See All Featured
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
182
15k
Teambox: Starting and Learning
jrom
124
7.9k
Rebuilding a faster, lazier Slack
samanthasiow
69
7.6k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
22
1.7k
Scaling GitHub
holman
453
140k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
14
1.2k
WebSockets: Embracing the real-time Web
robhawkes
58
6.1k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
7
4.9k
Designing the Hi-DPI Web
ddemaree
273
33k
Automating Front-end Workflow
addyosmani
1351
200k
What’s in a name? Adding method to the madness
productmarketing
PRO
13
2k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
31
8.8k

Transcript

  1. Samstag, 22. Dezember 12

    View Slide

  2. WhatsApp No presentation needed
    No security either
    Samstag, 22. Dezember 12

    View Slide

  3. Known bugs/
    features
    Changing status (not solved)
    Communication without encryption (solved)
    Storage encryption (not solved)
    Authentication (not solved)
    Samstag, 22. Dezember 12

    View Slide

  4. Changing
    status
    Status can be changed remotely
    Programmer published a Website. WhatsApp
    block the website
    Windows tool
    Samstag, 22. Dezember 12

    View Slide

  5. Communication
    without encryption
    Communication was sent in plain text
    Intercepting messages
    WhatsApp Sniffer for Android, Wireshark...
    Samstag, 22. Dezember 12

    View Slide

  6. Authentication
    Authentication against their server
    Usage of WhatsApp API
    WhatsApp sent „Cease and desist“ to
    WhatsApp API programmers
    Samstag, 22. Dezember 12

    View Slide

  7. Storage encryption
    All conversations stored in SD Card
    ... even if you remove them...
    ...even the GPS coordinates....
    ...using the same key for encryption!
    Samstag, 22. Dezember 12

    View Slide

  8. WhatsApp
    Conversation
    stealer
    Uses two permissions
    Library integration
    Silently background service
    Only for scientific purposes :-)
    Samstag, 22. Dezember 12

    View Slide

  9. Danke!
    + http://goo.gl/t4AVh
    @eenriquelopez
    http://www.neo-tech.es
    Samstag, 22. Dezember 12

    View Slide