Is someone about to hack your smartphone?
Is someone about to hack your smartphone?
Benedikt Fuest

For months, free smartphone instant messaging service WhatsApp has been topping the download charts. It is a favorite application for both iPhone and Android users. To the annoyance of cell phone providers, WhatsApp has become a kind of quasi replacement for the old fee-based SMS. According to WhatsApp developers, their servers handle over 10 billion messages per day.

However the service, which is run by small San Francisco start-up WhatsApp Inc., is neither as secure nor as failure-resistant as one would expect from a market leader. In his blog British web developer Sam Granger writes that any relatively ambitious hacker could get into WhatsApp accounts without a problem, either to intercept messages or send messages from their victim’s account.

This is because WhatsApp is set up to make the service friendly to new users who don’t have to provide their own combination of user name and password – they just use the existing info relating to their phone as login data. Telephone numbers are simply and clearly the basis for user names, and WhatsApp passwords -- at least on Android phones -- are clearly based on a phone’s IMEI serial number.

Granger discovered that to generate a password out of the IMEI number the app just changes the order of the digits – “your password is likely to be an inverse of your phones IMEI number with an MD5 cryptographic hash thrown on top of it.” What that means is that anybody who knows a phone’s IMEI number can figure out the password.

Many apps use IMEI numbers to identify phones, and any installed program can access that information and pass it on to an external database. In the event that what happened to iPhone this week (a hacker group released one million Apple UDIDs) happens to WhatsApp, and a database generated from the phone serial numbers were to be made public, WhatsApp user accounts would be compromised and become targets for spammers. Not that hackers have lost any time -- on gray market sites, databases of Android phone serial numbers and corresponding cell phone numbers are sold under the keyword WhatsApp.

WhatsApp has been criticized many times for its security loopholes. Until recently the app carried unencrypted messages through the net, and a simple program made it possible for them to be accessed from a Wi-Fi network. The app also stores message history unencrypted on the SD memory card of Android phones.

Another issue is that WhatsApp can be completely cut off from the mobile phone network. As this article goes to print, T-Mobile users cannot access WhatsApp after a T-Mobile update blocked the relevant network port. T-Mobile says this was accidental and service would be resumed as fast as possible.

Support Worldcrunch
We are grateful for reader support to continue our unique mission of delivering in English the best international journalism, regardless of language or geography. Click here to contribute whatever you can. Merci!
China

Peng Shuai, A Reckoning China's Communist Party Can't Afford To Face

The mysterious disappearance – and brief reappearance – of the Chinese tennis star after her #metoo accusation against a party leader shows Beijing is prepared to do whatever is necessary to quash any challenge from its absolute rule.

Fears are growing about the safety and whereabouts of Peng Shuai

Yan Bennett and John Garrick

Chinese tennis star Peng Shuai's apparent disappearance may have ended with a smattering of public events, which were carefully curated by state-run media and circulated in online clips. But many questions remain about the three weeks in which she was missing, and concerns linger over her well-being.

Peng, a former Wimbledon and French Open doubles champion, had been out of the public eye since Nov. 2. 2021 when she penned a since-deleted social media post accusing former Chinese Vice-Premier Zhang Gaoli of sexual misconduct.

In the U.S. and Europe, such moments of courage from high-profile women have built momentum to out perpetrators of sexual harassment and assault and give a voice to those wronged. But in the political context of today's People's Republic of China (PRC) – a country that tightly controls political narratives within and outside its borders – something else happened. Peng was seemingly silenced; her #MeToo allegation was censored almost as soon as it was made.

Keep reading... Show less
Support Worldcrunch
We are grateful for reader support to continue our unique mission of delivering in English the best international journalism, regardless of language or geography. Click here to contribute whatever you can. Merci!
THE LATEST
FOCUS
TRENDING TOPICS
MOST READ