One of the most popular cross-platform mobile applications, used as a replacement for messaging and sharing multimedia, is under scrutiny for being insecure. Yes, we are talking about none other than WhatsApp. We have seen previous instances of idiocy here, but the victims there were mostly financial institutions and their reputations, which not a lot of people really care about.
Sam Granger has reported that WhatsApp on Android uses your phone's IMEI to generate its passwords:
Then, a little later, it seems WhatsApp did something about it! Judging by the comments section of Sam Granger’s blog, the trick no longer works. Yeah… WhatsApp actually did something about it! Great… but hold your excitement: everything is not what it seems.
Ezio Amodio recently reported that WhatsApp on iOS is back to its old password trickery. This time they are using the iPhone’s MAC address to generate the password, like so:
So what sucks about WhatsApp? Their security, your privacy and their embarrassment.
A commenter posted a link to Pastebin with the most curious title, "Reverse Engineering: How WhatsApp (not) Securing Your Data". It’s a great read, and there are George Carlin references too! Can’t get better than that: cryptography, sarcasm, George Carlin and nifty rev-engineering.
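Why a device identifier makes a poor password, shown as an added example that is not code from the original post or from WhatsApp: it contrasts a credential derived from an IMEI or MAC address with a random secret issued at registration. The SHA-256 derivation, the function names and the sample identifiers are assumptions made for illustration; the derivations the reports describe are not reproduced on this page.

```python
import hashlib
import hmac
import math
import secrets

# Constructed sample identifiers, not real devices.
SAMPLE_IMEI = "490154203237518"   # 15 digits: 8-digit TAC (model) + 6-digit serial + 1 check digit
SAMPLE_MAC = "00:11:22:33:44:55"  # 48 bits: 24-bit vendor prefix (OUI) + 24-bit device part


def derived_password(device_id: str) -> str:
    """Hypothetical stand-in for a client that derives its password from a
    device identifier. SHA-256 is an assumption, not the reported scheme."""
    return hashlib.sha256(device_id.encode()).hexdigest()


def identifier_entropy_bits(kind: str, prefix_known: bool = True) -> float:
    """Upper bound on the guessing entropy of an identifier-derived password.
    Hashing adds nothing: the output is only as unpredictable as the input."""
    if kind == "imei":
        # The check digit is computed from the rest; the TAC names the model.
        return (6 if prefix_known else 14) * math.log2(10)
    if kind == "mac":
        # The OUI names the vendor; only the device part varies per unit.
        return 24.0 if prefix_known else 48.0
    raise ValueError(f"unknown identifier kind: {kind}")


def issue_random_secret() -> tuple[str, bytes]:
    """Hardened form: the server issues a 256-bit random secret at
    registration and stores only its digest."""
    secret = secrets.token_urlsafe(32)
    return secret, hashlib.sha256(secret.encode()).digest()


def verify(presented: str, stored_digest: bytes) -> bool:
    """Constant-time comparison of the presented secret against the stored digest."""
    presented_digest = hashlib.sha256(presented.encode()).digest()
    return hmac.compare_digest(presented_digest, stored_digest)


if __name__ == "__main__":
    print("IMEI-derived, model known:  %.1f bits" % identifier_entropy_bits("imei"))
    print("MAC-derived, vendor known:  %.1f bits" % identifier_entropy_bits("mac"))
    print("random secret:              256 bits")
    secret, digest = issue_random_secret()
    print("random secret verifies:", verify(secret, digest))
    print("identifier-derived value verifies:", verify(derived_password(SAMPLE_MAC), digest))
```

The entropy figures are upper bounds. In practice neither identifier is secret at all: a MAC address is visible to other hosts on the same network, and an IMEI is readable by the device's software and its carrier.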