The undisputed leader in the western world for instant messaging, with over 900 million active users, WhatsApp is synonymous with smartphones and messaging. Despite this, there are constantly new controversies relating to the security of the application and this has led to many doubting the integrity of the service.
From fraud to malicious programs that take advantage of its popularity, to apps that spy on users and other vulnerabilities, there is seemingly no end to the problems which have been raised in a study carried out by investigators at the Cyber Forensic Research & Education Group at the University of New Haven in the United States.
Thanks to developing their own forensic tool, the investigators have managed to decode part of the communication that is established between the servers of WhatsApp and those of the user when there is communication of any sort carried out via the app.
They have discovered that, amongst other things, the popular instant messaging service collects and stores sensitive information about the user and the conversations that they have. None of this appears to be essential to the functioning of the messaging service, so you have to ask why the company does it, and why they haven’t publicly stated this before.
The company keeps a record of all calls that we make, who receives them, and their duration. What’s more, the people behind the study believe that encryption keys could also be somehow sent during these communications. Although they haven’t proven it yet, it could be just the tip of the iceberg for new security flaws in the chat service.
The group of experts from the University of New Haven have urged other investigators to use the tool that they have developed in the hope that more security breaches will be unearthed, as there are also fears over similar practices with other messaging services such as Facebook Messenger and Telegram.
Recently we have seen that WhatsApp has taken measures to try and improve the level of security that it offers to its users in order to guarantee their privacy. These steps include the introduction of the famous and controversial double check, specific updates, and a stronger encryption system.
However, to keep the system user-friendly, some recommended security measures aren’t compatible as it would compromise the user experience too much. This difficult balance is what WhatsApp finds itself fighting against as it fights to stake its claim as the largest, and most secure, instant messaging service on the market.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
2 comments
We get 3 to 5 calls a DAY from different phone numbers claiming to be Panda representatives. We do not talk to them, but the volume of calls is harming my business. If Panda is responsible for these calls – CEASE AND DESIST AT ONCE. If your company is not, I strongly suggest you seek help in identifying, suing, and blocking those doing this.
My company will NOT use your products in the future is this is not corrected!
Yours truly,
S. L. Chalmers
CEO – Cooling Products
Dear S.L. Chambers,
It looks like you have been the subject of a phishing or scam call from individuals pretending to be members of the Panda Security support team. We can assure you that Panda Security has no relation whatsoever in regards to this matter.
Therefore, we strongly recommend you follow the instructions below, in order to report this situation to the competent authorities, so they can tackle the issue as soon as possible.
National Do Not Call List
Avoid phone scams by registering your home and cell phone numbers with the National Do Not Call Registry or by calling 1-888-382-1222. This national registry was created to offer consumers a choice regarding telemarketing calls. It won’t stop all unsolicited calls—but will help stop most.
Report Telephone Fraud
If you believe you have been a victim of a telephone scam or telemarketing fraud, you can file an online complaint with the Federal Trade Commission (FTC), or by phone at 1-877-382-4357.
Panda Security is also fighting to stop these scammers and we will let you know as soon as we can give more information on this matter.
Best Regards,
Panda Security