WhatsApp Messenger is a proprietary, cross-platform instant messaging application for smartphones. In addition to text messaging, users can send each other images, video, and audio media messages. The client software is available for Android, BlackBerry OS, BlackBerry 10, iOS, Series 40, Symbian (S60), and Windows Phone. WhatsApp Inc. was founded in 2009 by Brian Acton and Jan Koum, both veterans of , and is based in Santa Clara, California.
Competing with a number of Asian-based messaging services (like LINE, KakaoTalk, and WeChat), WhatsApp was handling ten billion messages per day as of August 2012, growing from two billion in April 2012 and one billion the previous October. According to the Financial Times, WhatsApp "has done to SMS on mobile phones what Skype did to international calling on landlines."
WhatsApp uses a customized version of the open standard Extensible Messaging and Presence Protocol (XMPP). Upon installation, it creates a user account using one's phone number as username (Jabber ID: [phone number]@s.whatsapp.net). WhatsApp software automatically compares all phone numbers from the device's address book with its central database of WhatsApp users to automatically add contacts to the user's WhatsApp contact list. Previously the Android and S40 versions used an MD5-hashed, reversed version of the phone's IMEI as password, while the iOS version used the phone's WiFi MAC address instead of IMEI. A recent update now generates a random password on the server side.
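
The difference between the two password schemes described above, as an added example (not WhatsApp's code): the legacy function follows the page's description of the Android/S40 scheme, while the sample IMEI, the ASCII encoding and the 20-byte random length are assumptions. It also bounds how much secrecy an IMEI can hold at all, given its fixed layout of an 8-digit model code, a 6-digit serial and one check digit.

```python
import hashlib
import math
import secrets

# Constructed sample IMEI (a documentation-style value that passes the Luhn check).
SAMPLE_IMEI = "490154203237518"


def legacy_password_from_imei(imei: str) -> str:
    """Legacy scheme as the page describes it: MD5 of the reversed IMEI string."""
    return hashlib.md5(imei[::-1].encode("ascii")).hexdigest()


def server_side_password(nbytes: int = 20) -> str:
    """Replacement scheme: a random secret issued by the server.
    The 20-byte length is an assumption, not taken from the page."""
    return secrets.token_hex(nbytes)


def luhn_valid(number: str) -> bool:
    """IMEI check digit: double every second digit from the right, sum the digits."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def imei_unknown_bits(model_known: bool) -> float:
    """Upper bound on secrecy in an IMEI: 8-digit TAC (model code), 6-digit
    serial, and 1 Luhn digit that is fully determined by the other 14."""
    free_digits = 6 if model_known else 14
    return free_digits * math.log2(10)


if __name__ == "__main__":
    print("legacy :", legacy_password_from_imei(SAMPLE_IMEI), "(same on every run)")
    print("random :", server_side_password(), "(new on every call)")
    print("IMEI check digit valid:", luhn_valid(SAMPLE_IMEI))
    print(f"IMEI secrecy, model known  : <= {imei_unknown_bits(True):.1f} bits")
    print(f"IMEI secrecy, model unknown: <= {imei_unknown_bits(False):.1f} bits")
    print("random 20-byte secret      : 160 bits")
```

The MD5 step adds no secrecy: the output is a fixed function of an identifier that never changes for the life of the device, so the credential cannot be rotated, whereas the server-issued secret is independent of anything the device exposes.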
Multimedia messages are sent by uploading the image, audio or video to be sent to an HTTP server and then sending a link to the content along with its Base64-encoded thumbnail (if applicable).
Until August 2012, messages were sent in unencrypted plain-text format, making the system vulnerable to session hijacking. As of August 15, 2012, the WhatsApp Support Staff claims messages are encrypted in the "latest version" of the WhatsApp software for iOS and Android (not including BlackBerry, Windows Phone and Symbian), without specifying the implemented cryptographic method.
See also: Mobile security
In May 2011, a security hole was reported in WhatsApp which left user accounts open for hijacking. Since May 2011, it has been reported that communications made by WhatsApp are not encrypted, and data is sent and received in plaintext, meaning messages can easily be read if packet traces are available.
According to some sources, it is believed that the hijacking hack was performed, and later fixed by helping WhatsApp reproduce it on Android and Symbian, by Liroy van Hoewijk, CEO of CoreISP.net. Then, in May 2012, security researchers noted that new updates of WhatsApp no longer sent messages as plaintext; however, the cryptographic method implemented was subsequently described as "broken".
In September 2011, a new version of the WhatsApp Messenger application for iPhones was released. In this new version, the developer has closed a number of critical security holes that allowed forged messages to be sent and messages from any WhatsApp user to be read.
On January 6, 2012, an unknown hacker published a website (WhatsAppStatus.net) which made it possible to change the status of an arbitrary WhatsApp user, as long as the phone number was known. To let it work, it only required a restart of the app. According to the hacker, it is only one of the many security issues in WhatsApp. On January 9, WhatsApp reported to have solved the issue. In reality, the only measure that was taken was blocking the website's IP address. As a reaction, a Windows tool was made available for download providing the same functionality. This issue has since been resolved in the form of an IP check on the currently logged-in session.
On January 13, 2012, WhatsApp was pulled from the iOS App Store. The reason was not disclosed. The app was added back to the App Store four days later.
Using WhatsAPI, German tech site The H demonstrated how to hijack any WhatsApp account on September 14, 2012. Shortly after, a legal threat to WhatsAPI's developers was alleged, characterized by The H as "an apparent reaction" to security reports, and WhatsAPI's source code was taken down. The WhatsAPI team has since returned to active development.
See also: Internet privacy
Another issue was witnessed on November 28, 2012 and before (WA blog post about it is from January 12), though this is not a security concern at all but more a problem with "chain messages", when users got spam messages and ignorantly forwarded hoax messages to people on their contact lists. The WhatsApp team clearly mentioned on its website that all such messages are fake. This has not been the work of hackers, but simply the work of people randomly forwarding nonsense, a problem on any social media.
A major privacy and security issue has been the subject of a joint Canadian-Dutch government investigation. The primary concern was that WhatsApp required users to upload their entire mobile phone's address book to WhatsApp servers so that WhatsApp could discover who, among the users' existing contacts, is available via WhatsApp. While this is a fast and convenient way to quickly find and connect the user with contacts who are also using WhatsApp, it means that their address book was then mirrored on the WhatsApp servers, including contact information for contacts who are not using WhatsApp. However, this information was stored as a hash and without additional identifying information such as a name.
On March 31, 2013, the governing body of telecommunications affairs in Saudi Arabia, the Communications and Information Technology Commission (CITC), issued a statement regarding possible measures against WhatsApp, among other

