Tests performed by The H's associates at heise Security have found that popular texting alternative WhatsApp is easily hacked using freely available tools. Anyone using WhatsApp on a public Wi-Fi network risks having their data sniffed and their account used to send and receive messages. Once hacked, there is no way to restore account security – attackers will be able to continue to use the hacked account at their discretion.
Over the last week the lack of security inherent in WhatsApp's authentication has gradually become clear. Researchers have discovered that the client uses an internally generated password to log on to the server; this password is generated on Android devices from the device's serial number (IMEI) and on iOS devices from the MAC address of the Wi-Fi interface. The problem with this is that the information is anything other than secret – the IMEI can often be found on stickers inside of Android phones (usually under the battery) and can also be obtained using a shortcut key combination or by any app.
Considering the age of this article (14th September) I'm assuming this isn't news to anyone? I couldn't find a thread about it though, so figured I'd post to be sure.