The free to use IM application WhatsApp was initially released back in 2009 and soon after became one of the most popular clients on both iOS and Android mobile devices. Fairly easy to use with an inviting user interface, it wasn’t until May 2011, when the security of the application became a subject of investigation. However, overlooked by most, the application continued growing in popularity reaching a point where it was acquired by Facebook, a few months ago, and due to its constant presence on the web, the WhatsApp security flaws on both Android and iOS managed to rise to the surface, leaving all of its users asking if their private information and conversations on the free application could be compromised.
[promo title=”The first security hole – May 2011″][/promo]
Designed to be simple and fairly easy to use, the architecture of the IM software was so simple back in May 2011 that in fact a major security hole was reported. Being a huge WhatsApp security flaw for both iOS and Android, it turned out that communications made through the free IM application were actually not encrypted, but simple plain text allowing for hackers who could perform simple session hijacking and packet analysis to easily get a hold of every conversation being made through the application. However, this problem was not addressed by the developers at the time.
[promo title=”The second security hole – January, 2012″][/promo]
The second time major concern regarding the WhatsApp security flaws on Android and iOS devices were raised, was in January 2012, when an unknown hacker published a website that quickly got viral called WhatsAppStatus.Net making it possible for users to change the status of any user as long as the phone number was available. However, instead of fraudulently exploiting the major security holes of the application, the hacker just wanted to make a statement as to how insecure the application really was in an attempt to warn people and address the developers alike. However, WhatsApp developers managed to solve the problem by programming a simple IP address check on the currently logged-in sessions.
[promo title=”The third security hole – May 2012″][/promo]
Finally fixing the first security hole by applying a cryptographic method, the developers of the free mobile IM application quickly became a laughing stock for the hackers and professional programmers alike. Although most common users weren’t concerned by the fact, the attempt to fix the initial WhatsApp security flaw on the Android and iOS was greeted with irony, as the cryptographic method the developers were using at the time was described as “broken” and “amateurish” with some developers even calling it “childish.” Later on in August, 2012 a new cryptographic method was presented that managed to secure the conversations that were being conducted through the application.
[promo title=”WhatsApp Security Flaws Today”][/promo]
With the recent acquisition by Facebook more people became involved with investigation about the security concerns and the private information that the application posses. However, as to this date it is uncertain as to how many of the WhatsApp Security Flaws on Android and iOS were actually addressed. However, a thing that becomes certain is that the IM application may have been released prematurely and have had been used by millions of people that were not aware at the time of the security threats it possessed. Are you still using WhatsApp after its acquisition from Facebook? Let us know in the comments below or in our forums.