Jump to content



Photo

Realized that WhatsApp has a huge security flaw...


  • Please log in to reply
8 replies to this topic

#1 yo popcaan

yo popcaan

    Neowinian

  • 50 posts
  • Joined: 17-July 12

Posted 24 April 2013 - 04:42

If you change your number and someone else takes it after a few months, all your contacts/messages are accessible by the next person who installs WhatsApp on the same phone number unless the account was deleted manually. I got a new phone number and can access the previous owner's contacts/messages (using my smartphone!) This is ridiculous!


#2 Circaflex

Circaflex

    Neowinian Senior

  • 4,706 posts
  • Joined: 18-August 02
  • Location: California
  • OS: 8 x64, 7 x64, Mountain Lion, Ubuntu
  • Phone: hammerhead

Posted 24 April 2013 - 04:51

yea i think a few apps are probably like that, i bet groupme is the same because it ties to your number not a login

#3 Nick H.

Nick H.

    Neowinian Senior

  • 11,758 posts
  • Joined: 28-June 04
  • Location: Switzerland

Posted 24 April 2013 - 06:12

In fairness, there are several large security flaws with Whatsapp. I remember posting a news article about it back in October.

#4 Steven P.

Steven P.

    aka Neobond

  • 31,253 posts
  • Joined: 09-July 01
  • Location: Neowin HQ

Posted 24 April 2013 - 11:12

If you change your number and someone else takes it after a few months, all your contacts/messages are accessible by the next person who installs WhatsApp on the same phone number unless the account was deleted manually. I got a new phone number and can access the previous owner's contacts/messages (using my smartphone!) This is ridiculous!


I know right :/ I reset and wiped my iPhone and deleted the WhatsApp app and was surprised to see that after my HTC 8X broke and I needed to use my iPhone 4 again, reinstalling WhatsApp immediately repopulated the messages and contacts I hadn't manually deleted from the app.

#5 lunamonkey

lunamonkey

    Ten years on Neowin.

  • 9,028 posts
  • Joined: 28-May 03
  • Location: Swindon, England

Posted 24 April 2013 - 11:28

So it's a useful feature that can backfire if you a) don't realise b) don't remember.

Maybe they should use email instead of mobile number to save details on their database like Google contacts.

#6 +Nik L

Nik L

    Where's my pants?

  • 34,327 posts
  • Joined: 14-January 03

Posted 24 April 2013 - 11:44

This is why I ALWAYS port my number :)

#7 XerXis

XerXis

    Neowinian Senior

  • 5,096 posts
  • Joined: 13-February 06
  • Location: Belgium

Posted 26 April 2013 - 12:09

why wouldn't they use a combination of the number and a user chosen password to connect, it wouldn't change anything about the functionality. And they also need a way to transfer an account to a new number. If they did those two things, all problems reported here would have been solved

#8 fusi0n

fusi0n

    Don't call it a come back

  • 3,901 posts
  • Joined: 08-July 04
  • OS: OSX 10.9\Windows 10\Ubuntu
  • Phone: LG G3

Posted 26 April 2013 - 12:28

yeah.. i never would trust any of these apps.

#9 axel_lucas

axel_lucas

    Neowinian

  • 2 posts
  • Joined: 19-September 13

Posted 23 September 2013 - 11:53

Not completely secure I can say !!!!!!