WhatsApp is said to use SSL encryption to secure its messaging service, but this year has not been kind to WhatsApp security. About a month ago, researchers discovered 4 gaping SSL security holes in the app that would have compromised its 430 million user IDs and phone numbers, and now an unpatched flaw puts the user's location at risk of being traced by an attacker operating a rogue access point.
According to the report, there is a major flaw in the way WhatsApp handles location data when it downloads the location from Google Maps. The main issue is that the location image is unencrypted, leaving it open to interception through either a rogue AP or any man-in-the-middle attack.
A feature in WhatsApp allows a user to share their current location. Once the user requests to share a location, WhatsApp uses an unencrypted channel to access the user's present location and then sends a screenshot of the Google Maps view of that location. This is where the flaw comes in: an attacker on the network path can sniff the requested image.
The researcher explained how the bug can be exploited under the condition of a rogue access point (network):
The mobile traffic was captured using the Windows 7 virtual Wi-Fi miniport adapter feature. The host computer was connected to the Internet via an Ethernet cable so that the wireless card was not in use. The Ethernet connection was set to share its Internet access with the virtual Wi-Fi miniport adapter; this helped them mimic a rogue access point (AP) and allowed them to capture the traffic over the wireless network using NetworkMiner and Wireshark.
A video demonstration can be seen below:
Result of the research: the researchers managed to reconstruct the location image, with Google Maps as the source of the image and the tested device as the destination.
The vulnerability has already been reported to the WhatsApp security team, which sent back the following acknowledgement:
“Hello XXXXXX, Thank you for your report. We have already implemented this solution in the latest beta versions of our app. We will be rolling this fix out to the general public with the next release on each platform. If you have any other questions or concerns, please feel free to contact us. We would be happy to help!”
It should be noted that the latest beta version of the app is not vulnerable to this bug; however, all other versions are still to be patched.
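A check a tester could run over a proxy log from their own test device to confirm whether a build still requests location data over an unencrypted channel. This is an added example, not code from the report or from WhatsApp; the host names, URL layout and query parameter names are constructed assumptions, since the report does not give the actual request.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# A "latitude,longitude" pair in decimal degrees, e.g. "28.6139,77.2090".
COORD_PAIR = re.compile(r"^\s*(-?\d{1,2}(?:\.\d+)?)\s*,\s*(-?\d{1,3}(?:\.\d+)?)\s*$")

def coordinates_in(url):
    """Return the (lat, lon) tuples found in the URL's query values."""
    found = []
    for _key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # Some map APIs join several points with '|', so test each piece.
        for piece in value.split("|"):
            m = COORD_PAIR.match(piece)
            if m:
                lat, lon = float(m.group(1)), float(m.group(2))
                if -90 <= lat <= 90 and -180 <= lon <= 180:
                    found.append((lat, lon))
    return found

def cleartext_location_leaks(urls):
    """Flag requests that carry coordinates over plain HTTP."""
    leaks = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            continue  # TLS-protected (or non-HTTP) requests are not flagged
        coords = coordinates_in(url)
        if coords:
            leaks.append({"host": parts.hostname, "coords": coords})
    return leaks

# Constructed sample: request URLs as a proxy log from a test device might list them.
# maps.example is a placeholder host, not the endpoint the app actually used.
SAMPLE_REQUESTS = [
    "http://maps.example/staticmap?center=28.6139,77.2090&zoom=15&size=200x200",
    "https://maps.example/staticmap?center=28.6139,77.2090&zoom=15&size=200x200",
    "http://cdn.example/avatar.jpg?v=3,4x",
    "http://maps.example/staticmap?markers=48.8584,2.2945|91.0,10.0",
]

if __name__ == "__main__":
    for leak in cleartext_location_leaks(SAMPLE_REQUESTS):
        print(leak["host"], leak["coords"])
```

An empty result for a build's recorded traffic means no coordinates were seen in plain-HTTP query strings; it does not cover coordinates sent in request bodies or in other encodings.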