A bug allows you to steal and read WhatsApp chats on Android

It seems that, after your purchase by Facebook , WhatsAppis calling everyone's attention more than ever. Both those looking for a reliable instant messaging service, as well as those who want to take advantage of it This is perhaps why new security problems and flaws are being discovered that demonstrate vulnerability of WhatsApp against third-party attacks.The last one would allow to steal and read the conversations that this application stores in the terminal in the case of platform devicesAndroid

The discovery comes from the hands of the technical director of Double Think, who has published on his blog step by step how he has achievedbypass WhatsApp security to access the conversations stored in the terminal. A more or less simple process that could be introduced through applications to secretly steal all the conversations of millions of users who install and accept the permissions of that spy tool Issues that not even the latest update of WhatsApp are able to avoid.

Apparently the biggest problem with this issue is that WhatsApp for Android stores the conversations in several files inside the database folder of the terminal.So even though these files are encrypted or passcode protected, any other application with the necessary permissions could access those files or conversations. It is enough to get the user to download a spy application with the code developed by this person, which he has made public on his blog, and accept his permissions to get his purpose.

In addition, the discoverer of this vulnerability has thought through all the details, explaining how the process works step by step. The idea would be to create an application that attracts the users' attention and that is installed accepting all the permissions that are usually overlooked mechanically. With this, the program would have access to the files stored in the folder WhatsApp database and upload them to the serverof the person you want to spy on.All this with a screen with the label Loading that keeps the user waiting while he carries out this entire process without him knowing anything.

The CTO (technical director) of Double Think has also thought about how to decrypt or decrypt these files stolen by the spy app. And it ensures that said protection is extremely simple, being able to use another code to transform it into a file that can even be transferred to a Excel spreadsheet to comfortably read all the information they save, that is, all the messages of the user's conversations.

In short, a vulnerability that puts the privacy of WhatsApp users at risk and that, surely Facebook will try to solve as soon as possible. And it is that the investment of 19 billion dollars could be disastrous if users start rejecting this application for its notorious problems of securityAt the moment there is no known reaction from Facebook or WhatsApp regarding this problem .