7 dangers of WhatsApp to which we are exposed without knowing it
An in-depth report reveals the ease with which anyone can access, steal and supplant the information and the identity of the users of this mobile application.
The National Centre of Intelligence (CNI) of Spain published in September a report on the threats and risks posed by the use of the instant messaging application WhatsApp. The document reveals what are the main vulnerabilities of the program and how hackers may use them to impersonate the identity of the user, steal information and personal data. Below, we offer some of the flaws most prominent in this ‘app’.
Fragile security in the process of high –
One of the most important problems is the security in the process of incscripción and verification of users. “The characteristics of the registration process conducive to an intruder could be done with the user account WhatsApp of another person, to read the messages that you receive and even send messages on your behalf,” says the study.
Hijacking of accounts
The CNI warns that it is possible to take advantage of network failures, known as the telecommunications protocol SS7, through which the hackers can record calls, read messages, and to detect the location of the device.
The attack is easy, making believe to the telephone network, the telephone the attacker has the same number as that of the victim,” explains the agency. In this way, the offender “gets to receive a verification code of WhatsApp valid” and gets “full access to the account of the victim, regardless of the encryption included in the communications.” To avoid this situation, the Spanish authorities recommend activating the option “Show security notifications” in the settings section of the account.
Threads deleted that do not go away
despite the fact that you delete conversations on WhatAspp be a simple task, it does not mean that you have completed this task, because they remain encrypted and are always subject to someone who accesses the records of the application and to backup the recover. “The messages are marked as free”, in such a way that it can be overwritten with new conversations or data “when needed”. This allows you to “improve the consumption of resources in the devices and improve the system of storage,” explain the authors of the report.
To avoid this problem, it is recommended to uninstall the application and install it again, even if that solution does not affect the of the backups saved in the phone or external device.
Theft of accounts by SMS
A person may access a session from WhatsApp with ease if you were to lose or have stolen the cell through their own phone or an emulator that will allow to initiate a registration with the device of the victim, where you will receive a security code by SMS, and so, it will start and will log all the session.
To avoid this, there is that “turn off the preview of the sender and content on the lock screen of the terminal.”
Theft of accounts through calls
The procedure is similar to the method of the SMS only, in this case, they employ the method of verification session by phone call. As a solution to this scenario, would have to “collect the different telephone numbers used by the application to perform check calls and block them from the terminal, to not perform the activation using this mechanism.
The risk of the information stored in the database
Save the account information of the application in local databases, either on the phone or through the exchange of personal data with Facebook, they assume that “if an attacker manages to get hold of this file, I could access all the conversations and the user’s private data”.
Depending on the version of WhatsApp used, “there are plenty of apps that allow in a simple way the decryption of the information.” As a solution to this trance, the NRC suggests to pay close attention to “what third party applications are installed, as well as the physical access of another person to the terminal.”
despite efforts on the part of both companies to protect the information of its users and ensure that they do not share neither the photos nor the profile information, some details such as phone number, contacts, or the time of the last connection are recorded in the file.
Vulnerability in networks public wifi
When you log in for the first time to a public wi-fi, Whatsapp disseminates information about the user data of the application, which is exposed to any cyber attack.
Via: RT
No comments:
Post a Comment