WhatsApp flaw leaves Interception of user Location vulnerable to spies

Posted on April 21, 2014 10:41 am

In a video posted online last week by researchers at the University of New Haven’s Cyber Forensics Research and Education Group found that WhatsApp sends user location unencrypted. They published the video as a proof-of-concept to demonstrate their findings. Once WhatsApp users send other users their location, the data is then downloaded from Google Maps as an image. The problem is that this image is unencrypted, which means that an attacker could intercept the data in what is widely known as the man-in-the-middle attack.

To demonstrate that the location image can be intercepted, experts then set up an experiment in which they mimicked a rogue access point, considered to be one of the easiest way for an attacker to launch man in the middle attacks.

WhatsApp is a popular mobile phone app that enables users to send text messages for free and was recently acquired by Facebook for around US$19 billion in February. In March, a flaw enabling WhatsApp users’ private messages to be intercepted through downloaded Android apps was revealed.

Watch the University of New Haven Cyber Forensics Research & Education Group video

Contador Harrison