whatsapp spy

Vulnerabilities in the WhatsApp application "that the NSA would love"

Shortly after the announcement ex της υπηρεσίας WhatsApp από το Facebook, πάρα πολλοί εξέφρασαν τις ανησυχίες τους για την προστασία της ιδιωτικής τους ζωής. Αμέσως μετά, ειδικοί σε θέματα ς αποκάλυψαν αρκετά , "which the NSA would love." The security issues were identified by the Praetorian

Η εταιρεία ασφαλείας ανακάλυψε 4 τρωτά σημεία που σχετίζονται με το πρωτόκολλο SSL. Οι ερευνητές διαπίστωσαν ότι το SSL δεν εφαρμόζεται. Αυτό επιτρέπει σε έναν εισβολέα να πραγματοποιήσει επιθέσεις και να αποκτήσει τα διαπιστευτήρια του ιδιοκτήτη καθώς και άλλες ευαίσθητες πληροφορίες.


The second issue is that support for SSL export ciphers is enabled. This allows an attacker to degrade the to 40-bit or 56-bit DES, making the system vulnerable to brute-force attacks.

In addition to supporting their export encryption algorithms, WhatsApp also supported null encryption algorithms.

"With Null Ciphers supported, if the application owner tries to communicate with the server using SSL and both parties do not support any common cipher, then the data is in plain text format. The support of Null Ciphers is not something we come across often, it is very rare,” the experts explain.

Finally, the WhatsApp application used SSLv2 protocol support. This n έχει αρκετές και οι ειδικοί συστήνουν να μην tai.

Shortly after the security company was notified, WhatsApp encountered three of the vulnerabilities. Praetorian has confirmed that vulnerabilities have been identified. The only thing left is the enforcement of SSL pinning, but WhatsApp said it would fix it immediately.

iGuRu.gr The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).