By Dan Goodin
The Android version of WhatsApp, the cross-platform instant messaging app purchased by Facebook for $16 billion, has a loophole that leaves chat histories wide open to other apps installed on the same smartphone, a security consultant says.
Consultant, system administrator, and entrepreneur Bas Bosschert documented the vulnerability in a blog post published Tuesday. It includes proof-of-concept code a rogue app requires to stealthily upload the chat history to an attacker-controlled server and, when working with newer versions of WhatsApp, to decrypt the file. The exploit is …read more