According to a blog post published by a sysadmin named Bas Bosschert, the popular messaging app WhatsApp could be vulnerable to a flaw that allows any app installed alongside it on an Android phone to read and log chats sent and received between users, unless permissions are explicitly changed beforehand.
“The WhatsApp database is saved on the SD card which can be read by any Android application if the user allows it to access the SD card,” Bosschert wrote. “And since [the] majority of the people allows [sic] everything on their Android device, this is not much of a problem.”
Of course, the vulnerability only works if the user installs a malicious app on their phone or tablet that is specifically designed to seek out this chat history, but it’s not unlikely that malware authors could start including this capability now that news of the unpatched problem is public.
Even though the database that normally keeps these conversations safe is encrypted, Bosschert suggests it was simple to crack and required relatively few resources to break once the content had been lifted from the central servers and sent back to home base.
There is still no word on whether iPhone users are affected. However, you should still be careful if you find yourself chatting with anyone who uses an Android device, as their side of the interaction remains open to scrutiny until the company announces its next patch to close the gap.
Although WhatsApp continues to be plagued by a series of malware mishaps that would wreck the reputations of lesser companies, analysts hope its high-priced acquisition by the social media giant Facebook could provide the shot in the arm the app has been looking for and finally give it a stable security foundation as new users continue to flood in by the million every month.