A German developer has succeeded in making a web application for WhatsApp to write, by the lack of authentication mechanisms for WhatsApp to work. By doing so, users from the desktop to send messages.
There is still no official way to get WhatsApp to use from a desktop, although it is possible, for example, is to use BlueStacks, the Android app for WhatsApp to simulate and therefore messages to send and to receive. Because it is officially not possible, however, is to take on more than one device WhatsApp activated, meant activation of WhatsApp on the pc until now that the app no longer works on the phone.
A German developer has what found. Because WhatsApp is a fairly simple way of authentication and encryption applied, the developer, Sascha Gehlich, a web application build with which messages can be sent and received. Messages via WhatsApp among Android encrypted with the imei number, and on iOS it’s done with the mac address. Entering the imei number or mac address is enough to log in to WhatsApp.
Activation by sms is therefore not necessary. Can WhatsApp on only one location active at a time, so the application onto the phone to be closed when the web application is used. Also be calls and contacts are not synchronized.
The application can be useful for users of WhatsApp from their desktop calls, but also explains the lack of security of the WhatsApp protocol to expose. On Android can imei numbers and phone numbers namely by applications can be read, giving them the WhatsApp session, users would be able to hijack.
On iOS is even easier: as mentioned above, the mac-address is required, which relatively easily can be scanned by users who are on the same network. Therefore, the users would WhatsApp-sessions of acquaintances that are on the same wi-fi network are and who they have a telephone number, can hijack.
It is not the first time that a hole in the security of the popular sms-alternative is uncovered. Earlier this year, reported Tweakers.net that it is possible to change the WhatsApp-status of other remote users to modify. Also brought Tweakers.net the news of beveiligingsonderzoeker ObAt that WhatsApp messages are unencrypted save.
The developer claims that no data logging; also, calls are not preserved. That without prejudice to the fact that it is never wise to make personal data, including imei numbers, to share with others.
