WhatsApp Crypto Flaw Exposes Android Chat History

The cross-platform instant messaging app WhatsApp, recently purchased by Facebook for $16 billion, has a vulnerability in its Android version that leaves chat histories wide open to other apps installed on the same smartphone.

In a blog post published this week, researcher Bas Bosschert disclosed that the WhatsApp database on an Android device is stored on the SD card and can be accessed by any other app with access to that SD card. Effectively, that means any chat history stored on the device can be read.

WhatsApp did implement encryption in newer releases, but that isn't enough.

"The WhatsApp database is a SQLite3 database which can be converted to Excel for easier access. Lately WhatsApp is using encryption to encrypt the database, so it can no longer be opened by SQLite. But we can simply decrypt this database using a simple python script. This script converts the crypted database to a plain SQLite3 database ..."

The update released on Tuesday, March 11, is still vulnerable to this attack, according to Bosschert.
