Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hacking WhatsApp

Hacking WhatsApp

GDG Presentation

Enrique López Mañas

December 22, 2012
Tweet

More Decks by Enrique López Mañas

Other Decks in Programming

Transcript

  1. Samstag, 22. Dezember 12

    View Slide

  2. WhatsApp No presentation needed
    No security either
    Samstag, 22. Dezember 12

    View Slide

  3. Known bugs/
    features
    Changing status (not solved)
    Communication without encryption (solved)
    Storage encryption (not solved)
    Authentication (not solved)
    Samstag, 22. Dezember 12

    View Slide

  4. Changing
    status
    Status can be changed remotely
    Programmer published a Website. WhatsApp
    block the website
    Windows tool
    Samstag, 22. Dezember 12

    View Slide

  5. Communication
    without encryption
    Communication was sent in plain text
    Intercepting messages
    WhatsApp Sniffer for Android, Wireshark...
    Samstag, 22. Dezember 12

    View Slide

  6. Authentication
    Authentication against their server
    Usage of WhatsApp API
    WhatsApp sent „Cease and desist“ to
    WhatsApp API programmers
    Samstag, 22. Dezember 12

    View Slide

  7. Storage encryption
    All conversations stored in SD Card
    ... even if you remove them...
    ...even the GPS coordinates....
    ...using the same key for encryption!
    Samstag, 22. Dezember 12

    View Slide

  8. WhatsApp
    Conversation
    stealer
    Uses two permissions
    Library integration
    Silently background service
    Only for scientific purposes :-)
    Samstag, 22. Dezember 12

    View Slide

  9. Danke!
    + http://goo.gl/t4AVh
    @eenriquelopez
    http://www.neo-tech.es
    Samstag, 22. Dezember 12

    View Slide