Site icon Panda Security Mediacenter

WhatsApp is insecure. Myth or reality? II

WhatsApp

Following the information we already commented in the article WhatsApp is unsafe. Truth or myth?, and taking into account the comments you made, we want to share with you a new entry.


WhatApp has always been reluctant to release a public API and encourage developers to create applications based on its platform. This has led some people, by means of reverse-engineer, to get to know how WhatsApp works internally.

Thanks to the reverse engineer work, an alternative known as WhatsAPI was published  to use WhatsApp from programming languages like PHP and Python, thus opening the door to web applications.

If we add this information to the formerly mentioned weakness of the encryption key, we face the troubling situation that it is even easier now, if anything, to impersonate someone in WhatApp: we only need to know the IMEI of the phone (in the Android devices), or the MAC of the network card (for IOS devices). There are already websites which offer to non-technical users the ability to impersonate a user in WhatApp: you only need to know the MAC or IMEI of the phone you want to impersonate.

Let us reformulate our safety recommendations, then:

Exit mobile version