If you use WhatsApp as your main messaging program on iOS or Android, you might want to look for another app to handle your communications for the next few weeks. Thijs Alkemade, a computer science researcher at Utrecht University in the Netherlands, filed a report on Tuesday detailing several potential breach points in the application, each of which enable anyone with rudimentary knowledge of encryption tactics to read everything you and your contacts say to one another. His blog goes on to suggest both the central servers and the backend are vulnerable to attackers, and carry significantly weaker cryptography codes than their counterparts.
Both the RC4 and HMAC encryption methods were compromised, both through loopholes that required nothing more than a standard MITM procedure to gain access to the content of a users message in plaintext. The streams can be tapped for observers by mimicking the communication between the phone and the central server, which gives any curious hacker the ability to silently listen in without being disturbed. Alkemade goes on to reference a research paper released in 2006 which covers how attackers were able to decipher data through decryption with 99% accuracy, only sacrificing a marginal amount of latency to the same sort of packet-loss one might expect over a standard Wi-Fi connection.
WhatsApp CEO Jan Kuaom has categorically denied the whole of Alkemade’s accusations, claiming they are based on empircal evidence and shouldn’t be taken seriously by the public.
Vulnerabilities like this are an inescapable part of owning a mobile phone these days, and as long as people continue to entrust their entire livelihoods to their phones and tablets, hackers will be out there trying to find the fastest way in. That’s why we at VPN Creative recommend using apps like PureVPN and HideMyAss Pro VPN on your iOS or Android device, which keep your presence online anonymous while simultaneously encrypting data and keeping you safe from man-in-the-middle attacks like those plaguing the WhatsApp messenger.