Pierluigi Paganini
November 18, 2014
Many time security community has discussed about security of the popular messaging application WhatsApp, early 2014 experts at Praetorian discovered different security issues in the way WhatApp implements SSL, the principal one is the lack of enforcing the “certificate pinning“ which exposed users to the risk of man-in-the-middle attacks, but the company after different alert fixed the flaws.
Another bug discovered in WhatsApp app exposed user’s location to attackers, in particular under analysis there was the WhatsApp “Location Share” feature.
The company intends to demonstrate the importance it assigns to user security and privacy, it recently added end-to-end encryption for some mobile clients. Probably the decision to improve security of communication is for the company a need after the revelation made by the whistleblower Edward Snowden on the surveillance activities of the NSA.
The improvement was possible thanks the collaboration with the Open Whisper Systems mobile security firm, started by the popular security researcher Moxie Marlinspike. It was 2011 when Twitter acquired Open Whisper Systems, Marlinspike worked with them for two years before leaving.
The encryption implemented in the WhatsApp client is available only for Android OS and only could be used only for direct messages and not group messages.
“The most recent WhatsApp Android client release includes support for the TextSecure encryption protocol, and billions of encrypted messages are being exchanged daily. The WhatsApp Android client does not yet support encrypted messaging for group chat or media messages, but we’ll be rolling out support for those next, in addition to support for more client platforms. We’ll also be surfacing options for key verification in clients as the protocol integrations are completed,” states Open Whisper Systems in a blog post.
Probably the decision to improve security of communication is for the company a need after the revelation made by the whistleblower Edward Snowden on the surveillance activities of the NSA.
Security experts consider the introduction of encryption for the WhatsApp a significant effort due to the huge volume of messages elaborated by the server of the company every day, more than a billion messages will protected by the encryption by the firm.
“The most recent WhatsApp Android client release includes support for the TextSecure encryption protocol, and billions of encrypted messages are being exchanged daily. The WhatsApp Android client does not yet support encrypted messaging for group chat or media messages, but we’ll be rolling out support for those next, in addition to support for more client platforms.” states Open Whisper.
The company revealed that the deployment of the encryption features for WhatsApp will be extended incrementally also to other OSs that support the popular messaging application.
“WhatsApp runs on an incredible number of mobile platforms, so full deployment will be an incremental process as we add TextSecure protocol support into each WhatsApp client platform. ” said Open Whisper
The blog post also confirmed that the experts at Open Whisper company are continuing to develop their TextSecure app, to extend it to hundreds of millions of users.
[adrotate banner=”9″]
(Security Affairs –WhatsApp, mobile)
