Like everything else online, the user must always be careful of what they post and say.
The recent acquisition of messaging application WhatsApp by social networking giant Facebook for a whopping USD19 billion has fallen under scrutiny because of security issues that have been found in a new study undertaken.
The Cracks in the Wall
The research headed by Paul Jauregi of the online security firm Praetorian found a series of weaknesses in the encryption of the communication of users in the app.? He pointed out the lack of ?certificate pinning?. This SSL encryption safeguard protects the forgery of the digital certificate which provides proof of encryption of information sent out from the source to the recipient.
This SSL encryption has become very important in light of recent hacking of certificate authority firms such as Diginotar and Comodo, where false credentials have been made allowing hackers to alter encrypted data intercepted with the forged certificates, according to a recent report.
According to Jauregui, ?It basically allows them- or an attacker ? to man-in-the-middle the connection and then downgrade the encryption so they can break it and sniff the traffic. This is the kind of stuff the NSA would love.?
Another Issue with the App
Another report found security issues when it comes to WhatsApp photos. In some instances, WhatsApp Web would be able to see photos they are not allowed to view, which cannot be seen on the mobile app. On the WhatsApp mobile app, deletion of the photo on the device after sending it would result in a blurred version of the photo being received on the other end. It has been surmised that the security issues would be with the syncing of the mobile app with the web applications.
Currently, WhatsApp has more than 500 million users from all over the globe. The acquisition has faced rough sailing with regulators as well as privacy advocates who have criticized previous missteps of WhatsApp in the past.
For its part, WhatsApp has rolled out an end to end encryption system to protect messages using the application. There are still many hurdles to face as the app continues on the path of success it is now taking.